Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c Examining data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.h Examining data/openrazer-2.9.0+dfsg/driver/razerchromacommon.c Examining data/openrazer-2.9.0+dfsg/driver/razerchromacommon.h Examining data/openrazer-2.9.0+dfsg/driver/razercommon.c Examining data/openrazer-2.9.0+dfsg/driver/razercommon.h Examining data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c Examining data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.h Examining data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c Examining data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.h Examining data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c Examining data/openrazer-2.9.0+dfsg/driver/razermouse_driver.h Examining data/openrazer-2.9.0+dfsg/driver/usb_hid_keys.h FINAL RESULTS: data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:104:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", DRIVER_VERSION); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:168:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return sprintf(buf, device_type); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:731:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", &serial_string[0]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:319:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", DRIVER_VERSION); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:563:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return sprintf(buf, device_type); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:847:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", &serial_string[0]); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:205:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", DRIVER_VERSION); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:241:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return sprintf(buf, device_type); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:606:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", &device->serial[0]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:195:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", DRIVER_VERSION); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:415:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return sprintf(buf, device_type); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:755:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", &device->serial[0]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:783:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(buf, "%s\n", &serial_string[0]); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:698:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_string[51]; data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:769:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "v%u.%u\n", device->firmware_version[1], device->firmware_version[2]); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:810:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%u\n", response.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:834:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d:%d\n", response.arguments[0], response.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:921:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", brightness); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:973:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&dev->serial[0], "MUG%012u", rand_serial); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.h:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[23]; data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.h:44:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char firmware_version[3]; data/openrazer-2.9.0+dfsg/driver/razerchromacommon.c:481:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&report.arguments[4], rgb_data, row_length); data/openrazer-2.9.0+dfsg/driver/razerchromacommon.c:760:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&report.arguments[5], rgb_data, row_length); data/openrazer-2.9.0+dfsg/driver/razerchromacommon.c:949:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&report.arguments[2], rgb_data, row_length); data/openrazer-2.9.0+dfsg/driver/razerchromacommon.c:1180:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&report, &orochi2011_led, sizeof(orochi2011_led)); data/openrazer-2.9.0+dfsg/driver/razerchromacommon.c:1191:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&report, &orochi2011_dpi, sizeof(orochi2011_dpi)); data/openrazer-2.9.0+dfsg/driver/razercommon.c:104:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(response_report, buf, sizeof(struct razer_report)); data/openrazer-2.9.0+dfsg/driver/razercommon.h:118:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char arguments[80]; data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:210:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%02x\n", response.arguments[0]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:275:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:309:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:627:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:667:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:696:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:723:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:750:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:835:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_string[51]; data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:862:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "v%d.%d\n", response_report.arguments[0], response_report.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:1509:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", state); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:1622:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%02x%02x%02x\n", response.arguments[0], response.arguments[1], response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:1750:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", brightness); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:1790:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d:%d\n", response.arguments[0], response.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.h:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.h:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phys[64]; data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.h:127:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block_keys[3]; data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:184:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[0], &device->data[1], len); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:592:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&device->serial[0], &device->data[1], 22); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:642:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "v%x.%x\n", device->firmware_version[1], device->firmware_version[2]); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:654:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%02x\n", current_effect); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:672:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "0:0\n"); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:730:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&dev->serial[0], "HN%015u", rand_serial); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:856:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&device->data[0], &data[0], size); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.h:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[23]; data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.h:44:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char firmware_version[3]; data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.h:159:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char arguments[32]; data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.h:164:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char arguments[36]; data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:431:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "v%d.%d\n", 9, 99); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:435:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "v%d.%d\n", 0x01, 0x00); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:462:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "v%d.%d\n", response_report.arguments[0], response_report.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:746:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_string[23]; data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:814:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response_report.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:834:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "0\n"); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:851:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response_report.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:924:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", polling_rate); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:966:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", polling_rate); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1115:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[brightness_index]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1273:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%u\n", dpi_x); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1277:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%u:%u\n", device->orochi2011_dpi, device->orochi2011_dpi); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1335:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%u:%u\n", dpi_x, dpi_y); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1353:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%u\n", idle_time); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1383:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[0]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1562:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d:%d\n", 0, 0); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1589:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d:%d\n", response.arguments[0], response.arguments[1]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1635:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1733:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1816:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1927:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", device->orochi2011_led & 0b00000001); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1932:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "1\n"); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1934:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "0\n"); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1944:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1992:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", (device->orochi2011_led & 0b00000010) >> 1); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1997:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "1\n"); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:1999:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "0\n"); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:2009:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:2045:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%u%u%u\n", response.arguments[2], response.arguments[3], response.arguments[4]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:2082:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%u%u%u\n", response.arguments[2], response.arguments[3], response.arguments[4]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:2113:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:2145:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:3129:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buf, "%d\n", response.arguments[2]); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:3283:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&dev->serial[0], "PM%012u", rand_serial); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.h:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[23]; // Now storing a random serial to be used with old devices that don't support it data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:188:12: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. return sprintf(buf, "\n"); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:702:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&serial_string[0], &device->serial[0], sizeof(serial_string)); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:715:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&serial_string[0], &response_report.arguments[0], 22); data/openrazer-2.9.0+dfsg/driver/razeraccessory_driver.c:722:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&serial_string[0], &response_report.arguments[0], 22); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:840:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&serial_string[0], dmi_get_system_info(DMI_PRODUCT_SERIAL), 50); data/openrazer-2.9.0+dfsg/driver/razerkbd_driver.c:843:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&serial_string[0], &response_report.arguments[0], 22); data/openrazer-2.9.0+dfsg/driver/razerkraken_driver.c:261:12: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. return sprintf(buf, "\n"); data/openrazer-2.9.0+dfsg/driver/razermouse_driver.c:779:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&serial_string[0], &response_report.arguments[0], 22); ANALYSIS SUMMARY: Hits = 99 Lines analyzed = 11681 in approximately 0.35 seconds (33642 lines/second) Physical Source Lines of Code (SLOC) = 8091 Hits@level = [0] 0 [1] 8 [2] 78 [3] 0 [4] 13 [5] 0 Hits@level+ = [0+] 99 [1+] 99 [2+] 91 [3+] 13 [4+] 13 [5+] 0 Hits/KSLOC@level+ = [0+] 12.2358 [1+] 12.2358 [2+] 11.2471 [3+] 1.60672 [4+] 1.60672 [5+] 0 Dot directories skipped = 3 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.