Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/octave-instrument-control-0.6.0/src/gpib/__gpib_clrdevice__.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/__gpib_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/__gpib_spoll__.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/__gpib_trigger__.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/gpib.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/gpib_class.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/gpib_class.h
Examining data/octave-instrument-control-0.6.0/src/gpib/gpib_close.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/gpib_read.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/gpib_timeout.cc
Examining data/octave-instrument-control-0.6.0/src/gpib/gpib_write.cc
Examining data/octave-instrument-control-0.6.0/src/hwinfo/__instr_hwinfo__.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/__i2c_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/__i2c_properties__.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/i2c.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/i2c_addr.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/i2c_class.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/i2c_class.h
Examining data/octave-instrument-control-0.6.0/src/i2c/i2c_close.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/i2c_read.cc
Examining data/octave-instrument-control-0.6.0/src/i2c/i2c_write.cc
Examining data/octave-instrument-control-0.6.0/src/oct-alt-includes.h
Examining data/octave-instrument-control-0.6.0/src/parallel/__parallel_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/parallel/parallel.cc
Examining data/octave-instrument-control-0.6.0/src/parallel/parallel_class.cc
Examining data/octave-instrument-control-0.6.0/src/parallel/parallel_class.h
Examining data/octave-instrument-control-0.6.0/src/parallel/pp_close.cc
Examining data/octave-instrument-control-0.6.0/src/parallel/pp_ctrl.cc
Examining data/octave-instrument-control-0.6.0/src/parallel/pp_data.cc
Examining data/octave-instrument-control-0.6.0/src/parallel/pp_datadir.cc
Examining data/octave-instrument-control-0.6.0/src/parallel/pp_stat.cc
Examining data/octave-instrument-control-0.6.0/src/resolvehost/resolvehost.cc
Examining data/octave-instrument-control-0.6.0/src/serial/__serial_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/serial/__srl_properties__.cc
Examining data/octave-instrument-control-0.6.0/src/serial/serial.cc
Examining data/octave-instrument-control-0.6.0/src/serial/serial_class.cc
Examining data/octave-instrument-control-0.6.0/src/serial/serial_class.h
Examining data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.cc
Examining data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.h
Examining data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.cc
Examining data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.h
Examining data/octave-instrument-control-0.6.0/src/serial/srl_read.cc
Examining data/octave-instrument-control-0.6.0/src/serial/srl_write.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/__serialport_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/__srlp_properties__.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/__srlp_read__.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/__srlp_write__.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/serialport.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/serialport_class.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/serialport_class.h
Examining data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.h
Examining data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.cc
Examining data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.h
Examining data/octave-instrument-control-0.6.0/src/spi/__spi_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/spi/__spi_properties__.cc
Examining data/octave-instrument-control-0.6.0/src/spi/spi.cc
Examining data/octave-instrument-control-0.6.0/src/spi/spi_class.cc
Examining data/octave-instrument-control-0.6.0/src/spi/spi_class.h
Examining data/octave-instrument-control-0.6.0/src/spi/spi_close.cc
Examining data/octave-instrument-control-0.6.0/src/spi/spi_read.cc
Examining data/octave-instrument-control-0.6.0/src/spi/spi_write.cc
Examining data/octave-instrument-control-0.6.0/src/spi/spi_writeAndRead.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/__tcp_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/tcp_class.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/tcp_class.h
Examining data/octave-instrument-control-0.6.0/src/tcp/tcp.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/tcp_close.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/tcp_read.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/tcp_write.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/__tcp_properties__.cc
Examining data/octave-instrument-control-0.6.0/src/tcp/tcp_timeout.cc
Examining data/octave-instrument-control-0.6.0/src/udp/__udp_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/udp/__udp_properties__.cc
Examining data/octave-instrument-control-0.6.0/src/udp/udp.cc
Examining data/octave-instrument-control-0.6.0/src/udp/udp_class.cc
Examining data/octave-instrument-control-0.6.0/src/udp/udp_class.h
Examining data/octave-instrument-control-0.6.0/src/udp/udp_close.cc
Examining data/octave-instrument-control-0.6.0/src/udp/udp_read.cc
Examining data/octave-instrument-control-0.6.0/src/udp/udp_timeout.cc
Examining data/octave-instrument-control-0.6.0/src/udp/udp_write.cc
Examining data/octave-instrument-control-0.6.0/src/undef-ah-octave.h
Examining data/octave-instrument-control-0.6.0/src/usbtmc/__usbtmc_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc.cc
Examining data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.cc
Examining data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.h
Examining data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_close.cc
Examining data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_read.cc
Examining data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_write.cc
Examining data/octave-instrument-control-0.6.0/src/vxi11/__vxi11_pkg_lock__.cc
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11.cc
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11.h
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.h
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_clnt.c
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_close.cc
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_read.cc
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_svc.c
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_write.cc
Examining data/octave-instrument-control-0.6.0/src/vxi11/vxi11_xdr.c

FINAL RESULTS:

data/octave-instrument-control-0.6.0/src/gpib/gpib.cc:102:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  retval->open (minor, gpibid, secid, timeout, send_eoi, eos_mode);
data/octave-instrument-control-0.6.0/src/gpib/gpib_class.cc:84:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_gpib::open (int minor, int gpibid, int sad, int timeout, int send_eoi, int eos_mode)
data/octave-instrument-control-0.6.0/src/gpib/gpib_class.h:40:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open(int, int, int, int, int, int);
data/octave-instrument-control-0.6.0/src/i2c/i2c.cc:106:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (retval->open (path, oflags) < 0)
data/octave-instrument-control-0.6.0/src/i2c/i2c_class.cc:107:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_i2c::open (const std::string &path, int flags)
data/octave-instrument-control-0.6.0/src/i2c/i2c_class.cc:112:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = ::open (path.c_str (), flags, 0);
data/octave-instrument-control-0.6.0/src/i2c/i2c_class.h:29:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open (const std::string& /* path */, int /* open flags */);
data/octave-instrument-control-0.6.0/src/parallel/parallel.cc:113:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (retval->open (path, oflags) < 0)
data/octave-instrument-control-0.6.0/src/parallel/parallel_class.cc:83:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_parallel::open (string path, int flags)
data/octave-instrument-control-0.6.0/src/parallel/parallel_class.cc:85:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  this->fd = ::open (path.c_str (), flags, 0);
data/octave-instrument-control-0.6.0/src/parallel/parallel_class.h:32:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open (string /* path */, int /* open flags */);
data/octave-instrument-control-0.6.0/src/resolvehost/resolvehost.cc:165:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&in.sin_addr, hostinfo->h_addr_list[0], hostinfo->h_length);
data/octave-instrument-control-0.6.0/src/resolvehost/resolvehost.cc:177:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1025];
data/octave-instrument-control-0.6.0/src/serial/serial.cc:141:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  retval->open (path);
data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.cc:59:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_serial::open (const std::string &path)
data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.cc:66:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = ::open (path.c_str (), flags);
data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.h:34:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const std::string& /* path */);
data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.cc:48:6: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t errstring[100+1];
data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.cc:57:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errstring[100+1];
data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.cc:91:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_serial::open (const std::string &path)
data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.h:34:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const std::string& /* path */);
data/octave-instrument-control-0.6.0/src/serialport/serialport.cc:228:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  retval->open (path);
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.cc:53:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_serialport::open (const std::string &path)
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.cc:60:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = ::open (path.c_str (), flags);
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.h:33:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const std::string& /* path */);
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.cc:47:6: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t errstring[100+1];
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.cc:56:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errstring[100+1];
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.cc:84:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_serialport::open (const std::string &path)
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.h:33:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const std::string& /* path */);
data/octave-instrument-control-0.6.0/src/spi/spi.cc:179:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (retval->open (path, oflags) < 0)
data/octave-instrument-control-0.6.0/src/spi/spi_class.cc:100:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_spi::open (const std::string &path, int flags)
data/octave-instrument-control-0.6.0/src/spi/spi_class.cc:105:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = ::open (path.c_str (), flags, 0);
data/octave-instrument-control-0.6.0/src/spi/spi_class.h:31:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open (const std::string& /* path */, int /* open flags */);
data/octave-instrument-control-0.6.0/src/tcp/tcp.cc:190:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (retval->open (address, port) < 0)
data/octave-instrument-control-0.6.0/src/tcp/tcp_class.cc:188:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_tcp::open (const std::string &address, int port)
data/octave-instrument-control-0.6.0/src/tcp/tcp_class.h:43:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open (const std::string &, int);
data/octave-instrument-control-0.6.0/src/udp/udp.cc:180:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (retval->open(address, port, localport) < 0)
data/octave-instrument-control-0.6.0/src/udp/udp_class.cc:102:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&in->sin_addr, host->h_addr_list[0], host->h_length);
data/octave-instrument-control-0.6.0/src/udp/udp_class.cc:206:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_udp::open (const std::string &address, int port, int localport)
data/octave-instrument-control-0.6.0/src/udp/udp_class.h:43:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open (const std::string &address, int port, int localport);
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc.cc:77:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (retval->open (path, oflags) < 0)
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.cc:78:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_usbtmc::open (const std::string &path, int flags)
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.cc:80:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = ::open (path.c_str (), flags, 0);
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.h:30:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open(const std::string&, int);
data/octave-instrument-control-0.6.0/src/vxi11/vxi11.cc:74:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (retval->open (path) < 0)
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc:87:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  octave_vxi11::open (string ip)
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc:241:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (send_cmd, buf, len);
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpip[256];
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc:382:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpip[256];
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.h:35:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open (string);
data/octave-instrument-control-0.6.0/src/gpib/gpib_class.cc:97:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_gpib::read (uint8_t *buf, unsigned int len, bool *eoi)
data/octave-instrument-control-0.6.0/src/gpib/gpib_class.h:34:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(uint8_t*, unsigned int, bool*);
data/octave-instrument-control-0.6.0/src/gpib/gpib_read.cc:83:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int bytes_read = gpib->read (buffer, buffer_len, &eoi);
data/octave-instrument-control-0.6.0/src/i2c/i2c_class.cc:159:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_i2c::read (uint8_t *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/i2c/i2c_class.cc:170:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  retval = ::read (get_fd (), buf, len);
data/octave-instrument-control-0.6.0/src/i2c/i2c_class.h:45:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read (uint8_t* /* buffer */, unsigned int /* buffer size */);
data/octave-instrument-control-0.6.0/src/i2c/i2c_read.cc:84:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  retval = i2c->read (buffer, buffer_len);
data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.cc:125:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_serial::read (uint8_t *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.cc:142:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read_retval = ::read (fd, (void *)(buf + bytes_read), len - bytes_read);
data/octave-instrument-control-0.6.0/src/serial/serial_class_lin.h:32:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(uint8_t* /* buffer */, unsigned int /* buffer size */);
data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.cc:150:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_serial::read(uint8_t *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/serial/serial_class_win32.h:32:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(uint8_t* /* buffer */, unsigned int /* buffer size */);
data/octave-instrument-control-0.6.0/src/serial/srl_read.cc:81:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int bytes_read = serial->read (buffer, buffer_len);
data/octave-instrument-control-0.6.0/src/serialport/__srlp_read__.cc:81:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int bytes_read = serial->read (buffer, buffer_len);
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.cc:120:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_serialport::read (uint8_t *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.cc:138:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read_retval = ::read (fd, (void *)(buf + bytes_read), len - bytes_read);
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_lin.h:31:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(uint8_t* /* buffer */, unsigned int /* buffer size */);
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.cc:143:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_serialport::read(uint8_t *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/serialport/serialport_class_win32.h:31:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(uint8_t* /* buffer */, unsigned int /* buffer size */);
data/octave-instrument-control-0.6.0/src/spi/spi_class.cc:150:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_spi::read (uint8_t *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/spi/spi_class.h:53:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read (uint8_t* /* buffer */, unsigned int /* buffer size */);
data/octave-instrument-control-0.6.0/src/spi/spi_read.cc:83:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  retval = spi->read (buffer, buffer_len);
data/octave-instrument-control-0.6.0/src/tcp/tcp_class.cc:273:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_tcp::read (uint8_t *buf, unsigned int len, double readtimeout)
data/octave-instrument-control-0.6.0/src/tcp/tcp_class.cc:485:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read (tmpbuffer, 1024, 0) > 0) {}
data/octave-instrument-control-0.6.0/src/tcp/tcp_class.h:41:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read (uint8_t *, unsigned int, double);
data/octave-instrument-control-0.6.0/src/tcp/tcp_read.cc:100:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int bytes_read = tcp->read (buffer, buffer_len, timeout);
data/octave-instrument-control-0.6.0/src/udp/udp_class.cc:321:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_udp::read (uint8_t *buf, unsigned int len, double readtimeout)
data/octave-instrument-control-0.6.0/src/udp/udp_class.cc:555:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read (tmpbuffer, 1024, 0) > 0) {}
data/octave-instrument-control-0.6.0/src/udp/udp_class.h:41:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read (uint8_t *buf, unsigned int len, double readtimeout);
data/octave-instrument-control-0.6.0/src/udp/udp_read.cc:99:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int bytes_read = udp->read(buffer, buffer_len, timeout);
data/octave-instrument-control-0.6.0/src/udp/udp_read.cc:132:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  %! # does read wait
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.cc:92:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_usbtmc::read (uint8_t *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.cc:100:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int retval = ::read (get_fd (), buf, len);
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_class.h:36:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(uint8_t*, unsigned int);
data/octave-instrument-control-0.6.0/src/usbtmc/usbtmc_read.cc:89:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  retval = usbtmc->read (buffer, buffer_len);
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc:104:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  octave_vxi11::read(char *buf, unsigned int len)
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc:340:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpip, ip, 250);
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.cc:383:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpip, ip, 250);
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_class.h:40:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read (char*, unsigned int);
data/octave-instrument-control-0.6.0/src/vxi11/vxi11_read.cc:82:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  retval = vxi11->read (buffer, buffer_len);

ANALYSIS SUMMARY:

Hits = 90
Lines analyzed = 16102 in approximately 0.35 seconds (46138 lines/second)
Physical Source Lines of Code (SLOC) = 10927
Hits@level = [0] 13 [1] 40 [2] 50 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 103 [1+] 90 [2+] 50 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.42619 [1+] 8.23648 [2+] 4.57582 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.