Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/powertop-2.11/src/devlist.cpp Examining data/powertop-2.11/src/process/do_process.cpp Examining data/powertop-2.11/src/process/work.cpp Examining data/powertop-2.11/src/process/timer.cpp Examining data/powertop-2.11/src/process/process.cpp Examining data/powertop-2.11/src/process/work.h Examining data/powertop-2.11/src/process/process.h Examining data/powertop-2.11/src/process/powerconsumer.h Examining data/powertop-2.11/src/process/interrupt.cpp Examining data/powertop-2.11/src/process/interrupt.h Examining data/powertop-2.11/src/process/timer.h Examining data/powertop-2.11/src/process/processdevice.cpp Examining data/powertop-2.11/src/process/processdevice.h Examining data/powertop-2.11/src/process/powerconsumer.cpp Examining data/powertop-2.11/src/calibrate/calibrate.cpp Examining data/powertop-2.11/src/calibrate/calibrate.h Examining data/powertop-2.11/src/wakeup/wakeup_usb.h Examining data/powertop-2.11/src/wakeup/wakeup.cpp Examining data/powertop-2.11/src/wakeup/waketab.cpp Examining data/powertop-2.11/src/wakeup/wakeup_ethernet.h Examining data/powertop-2.11/src/wakeup/wakeup.h Examining data/powertop-2.11/src/wakeup/wakeup_ethernet.cpp Examining data/powertop-2.11/src/wakeup/wakeup_usb.cpp Examining data/powertop-2.11/src/tuning/tunable.cpp Examining data/powertop-2.11/src/tuning/tuningi2c.cpp Examining data/powertop-2.11/src/tuning/runtime.h Examining data/powertop-2.11/src/tuning/nl80211.h Examining data/powertop-2.11/src/tuning/tuning.cpp Examining data/powertop-2.11/src/tuning/tuning.h Examining data/powertop-2.11/src/tuning/wifi.h Examining data/powertop-2.11/src/tuning/tuningusb.cpp Examining data/powertop-2.11/src/tuning/tuningi2c.h Examining data/powertop-2.11/src/tuning/tunable.h Examining data/powertop-2.11/src/tuning/tuningsysfs.cpp Examining data/powertop-2.11/src/tuning/wifi.cpp Examining data/powertop-2.11/src/tuning/ethernet.cpp Examining data/powertop-2.11/src/tuning/tuningsysfs.h Examining data/powertop-2.11/src/tuning/iw.c Examining data/powertop-2.11/src/tuning/runtime.cpp Examining data/powertop-2.11/src/tuning/ethernet.h Examining data/powertop-2.11/src/tuning/iw.h Examining data/powertop-2.11/src/tuning/tuningusb.h Examining data/powertop-2.11/src/tuning/bluetooth.h Examining data/powertop-2.11/src/tuning/bluetooth.cpp Examining data/powertop-2.11/src/display.h Examining data/powertop-2.11/src/cpu/cpu.cpp Examining data/powertop-2.11/src/cpu/cpudevice.h Examining data/powertop-2.11/src/cpu/dram_rapl_device.h Examining data/powertop-2.11/src/cpu/dram_rapl_device.cpp Examining data/powertop-2.11/src/cpu/cpudevice.cpp Examining data/powertop-2.11/src/cpu/rapl/rapl_interface.h Examining data/powertop-2.11/src/cpu/rapl/rapl_interface.cpp Examining data/powertop-2.11/src/cpu/intel_cpus.h Examining data/powertop-2.11/src/cpu/cpu.h Examining data/powertop-2.11/src/cpu/cpu_core.cpp Examining data/powertop-2.11/src/cpu/cpu_package.cpp Examining data/powertop-2.11/src/cpu/cpu_rapl_device.h Examining data/powertop-2.11/src/cpu/cpu_linux.cpp Examining data/powertop-2.11/src/cpu/intel_gpu.cpp Examining data/powertop-2.11/src/cpu/intel_cpus.cpp Examining data/powertop-2.11/src/cpu/abstract_cpu.cpp Examining data/powertop-2.11/src/cpu/cpu_rapl_device.cpp Examining data/powertop-2.11/src/perf/perf.h Examining data/powertop-2.11/src/perf/perf.cpp Examining data/powertop-2.11/src/perf/perf_event.h Examining data/powertop-2.11/src/perf/perf_bundle.h Examining data/powertop-2.11/src/perf/perf_bundle.cpp Examining data/powertop-2.11/src/devlist.h Examining data/powertop-2.11/src/display.cpp Examining data/powertop-2.11/src/lib.cpp Examining data/powertop-2.11/src/devices/device.h Examining data/powertop-2.11/src/devices/usb.h Examining data/powertop-2.11/src/devices/device.cpp Examining data/powertop-2.11/src/devices/rfkill.cpp Examining data/powertop-2.11/src/devices/devfreq.cpp Examining data/powertop-2.11/src/devices/thinkpad-fan.cpp Examining data/powertop-2.11/src/devices/gpu_rapl_device.h Examining data/powertop-2.11/src/devices/thinkpad-light.h Examining data/powertop-2.11/src/devices/ahci.h Examining data/powertop-2.11/src/devices/network.cpp Examining data/powertop-2.11/src/devices/runtime_pm.h Examining data/powertop-2.11/src/devices/alsa.h Examining data/powertop-2.11/src/devices/gpu_rapl_device.cpp Examining data/powertop-2.11/src/devices/i915-gpu.cpp Examining data/powertop-2.11/src/devices/thinkpad-fan.h Examining data/powertop-2.11/src/devices/devfreq.h Examining data/powertop-2.11/src/devices/i915-gpu.h Examining data/powertop-2.11/src/devices/backlight.h Examining data/powertop-2.11/src/devices/rfkill.h Examining data/powertop-2.11/src/devices/usb.cpp Examining data/powertop-2.11/src/devices/network.h Examining data/powertop-2.11/src/devices/thinkpad-light.cpp Examining data/powertop-2.11/src/devices/backlight.cpp Examining data/powertop-2.11/src/devices/ahci.cpp Examining data/powertop-2.11/src/devices/runtime_pm.cpp Examining data/powertop-2.11/src/devices/alsa.cpp Examining data/powertop-2.11/src/main.cpp Examining data/powertop-2.11/src/report/report.cpp Examining data/powertop-2.11/src/report/report-maker.h Examining data/powertop-2.11/src/report/report-formatter-csv.h Examining data/powertop-2.11/src/report/report.h Examining data/powertop-2.11/src/report/report-formatter-base.cpp Examining data/powertop-2.11/src/report/report-formatter-html.h Examining data/powertop-2.11/src/report/report-data-html.cpp Examining data/powertop-2.11/src/report/report-data-html.h Examining data/powertop-2.11/src/report/report-formatter-base.h Examining data/powertop-2.11/src/report/report-formatter-html.cpp Examining data/powertop-2.11/src/report/report-formatter-csv.cpp Examining data/powertop-2.11/src/report/report-maker.cpp Examining data/powertop-2.11/src/report/report-formatter.h Examining data/powertop-2.11/src/lib.h Examining data/powertop-2.11/src/measurement/acpi.h Examining data/powertop-2.11/src/measurement/measurement.cpp Examining data/powertop-2.11/src/measurement/sysfs.cpp Examining data/powertop-2.11/src/measurement/acpi.cpp Examining data/powertop-2.11/src/measurement/measurement.h Examining data/powertop-2.11/src/measurement/extech.h Examining data/powertop-2.11/src/measurement/opal-sensors.cpp Examining data/powertop-2.11/src/measurement/opal-sensors.h Examining data/powertop-2.11/src/measurement/sysfs.h Examining data/powertop-2.11/src/measurement/extech.cpp Examining data/powertop-2.11/src/css.h Examining data/powertop-2.11/src/parameters/persistent.cpp Examining data/powertop-2.11/src/parameters/parameters.h Examining data/powertop-2.11/src/parameters/learn.cpp Examining data/powertop-2.11/src/parameters/parameters.cpp Examining data/powertop-2.11/traceevent/trace-seq.c Examining data/powertop-2.11/traceevent/event-parse.c Examining data/powertop-2.11/traceevent/event-utils.h Examining data/powertop-2.11/traceevent/event-parse.h Examining data/powertop-2.11/traceevent/parse-filter.c Examining data/powertop-2.11/traceevent/parse-utils.c FINAL RESULTS: data/powertop-2.11/src/devices/network.cpp:176:6: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. if (readlink(filename.c_str(), line, 4096) > 0) { data/powertop-2.11/src/devices/rfkill.cpp:64:6: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. if (readlink(filename, line, sizeof(line)) > 0) { data/powertop-2.11/src/devices/rfkill.cpp:68:6: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. if (readlink(filename, line, sizeof(line)) > 0) { data/powertop-2.11/src/devlist.cpp:143:10: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. ret = readlink(filename, link, sizeof(link) - 1); data/powertop-2.11/src/calibrate/calibrate.cpp:95:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/calibrate/calibrate.cpp:129:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/calibrate/calibrate.cpp:159:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/calibrate/calibrate.cpp:185:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK)!=0) data/powertop-2.11/src/calibrate/calibrate.cpp:356:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(!system("DISPLAY=:0 /usr/bin/xset dpms force off")) data/powertop-2.11/src/calibrate/calibrate.cpp:359:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(!system("DISPLAY=:0 /usr/bin/xset dpms force on")) data/powertop-2.11/src/calibrate/calibrate.cpp:366:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(!system("DISPLAY=:0 /usr/bin/xset dpms force off")) data/powertop-2.11/src/calibrate/calibrate.cpp:369:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(!system("DISPLAY=:0 /usr/bin/xset dpms force on")) data/powertop-2.11/src/cpu/cpu.cpp:323:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/sys/class/drm/card0/power/rc6_residency_ms", R_OK) == 0) data/powertop-2.11/src/cpu/cpu.cpp:566:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_num, sizeof(tmp_num), __("Core %d"), _core->get_number()); data/powertop-2.11/src/cpu/cpu.cpp:573:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_num, sizeof(tmp_num), __("GPU %d"), _core->get_number()); data/powertop-2.11/src/cpu/cpu.cpp:775:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_num, sizeof(tmp_num), __("Core %d"), _core->get_number()); data/powertop-2.11/src/cpu/cpu.cpp:796:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmp_num, sizeof(tmp_num), __("CPU %d"), _cpu->get_number()); data/powertop-2.11/src/cpu/cpu.cpp:895:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(linebuf, fill_state_name(_package, state, line, buffer)); data/powertop-2.11/src/cpu/cpu.cpp:897:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(linebuf, fill_state_line(_package, state, line, buffer)); data/powertop-2.11/src/cpu/cpu.cpp:907:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(linebuf, fill_state_name(_core, state, line, buffer)); data/powertop-2.11/src/cpu/cpu.cpp:909:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(linebuf, fill_state_line(_core, state, line, buffer)); data/powertop-2.11/src/cpu/cpu.cpp:923:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(linebuf, fill_state_name(_cpu, state, line, buffer)); data/powertop-2.11/src/cpu/cpu.cpp:929:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(linebuf, fill_state_line(_cpu, state, line, buffer)); data/powertop-2.11/src/cpu/cpu_core.cpp:37:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buffer, this->has_intel_MSR ? _(" Core(HW)"): _(" Core(OS)")); data/powertop-2.11/src/cpu/cpu_core.cpp:58:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"%s", cstates[i]->human_name); data/powertop-2.11/src/cpu/cpu_core.cpp:73:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"%s", pstates[line_nr]->human_name); data/powertop-2.11/src/cpu/cpu_linux.cpp:253:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"%5.1f%%%s %6.1f ms", data/powertop-2.11/src/cpu/cpu_linux.cpp:309:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"%s", cstates[i]->human_name); data/powertop-2.11/src/cpu/cpu_linux.cpp:323:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"%s", pstates[line_nr]->human_name); data/powertop-2.11/src/cpu/cpu_package.cpp:47:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buffer, this->has_intel_MSR ? _(" Pkg(HW)"): _(" Pkg(OS)")); data/powertop-2.11/src/cpu/cpu_package.cpp:70:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"%s", cstates[i]->human_name); data/powertop-2.11/src/cpu/cpu_package.cpp:85:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"%s", pstates[line_nr]->human_name); data/powertop-2.11/src/cpu/rapl/rapl_interface.cpp:36:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define RAPL_DBG_PRINT printf data/powertop-2.11/src/cpu/rapl/rapl_interface.cpp:37:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define RAPL_ERROR_PRINT printf data/powertop-2.11/src/cpu/rapl/rapl_interface.cpp:42:36: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define RAPL_INFO_PRINT(format, m) fprintf(stderr, format, m) data/powertop-2.11/src/devices/alsa.cpp:162:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/devices/backlight.cpp:217:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(powername, "%s-power", name); data/powertop-2.11/src/devices/devfreq.cpp:203:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%-15s", dstates[idx]->human_name); data/powertop-2.11/src/devices/devfreq.cpp:297:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fline, buf); data/powertop-2.11/src/devices/devfreq.cpp:299:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fline, buf); data/powertop-2.11/src/devices/device.cpp:76:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(test_path, R_OK) == 0) data/powertop-2.11/src/devices/device.cpp:77:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(current_path, test_path); data/powertop-2.11/src/devices/device.cpp:198:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(util, "%5.1f%s", all_devices[i]->utilization(), all_devices[i]->util_units()); data/powertop-2.11/src/devices/device.cpp:200:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(util, "%5i%s", (int)all_devices[i]->utilization(), all_devices[i]->util_units()); data/powertop-2.11/src/devices/device.cpp:290:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(util, "%5.1f%s", data/powertop-2.11/src/devices/device.cpp:294:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(util, "%5i%s", data/powertop-2.11/src/devices/i915-gpu.cpp:83:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) !=0) { data/powertop-2.11/src/devices/i915-gpu.cpp:86:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/devices/network.cpp:147:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(humanname, "nic:%s", _name); data/powertop-2.11/src/devices/runtime_pm.cpp:206:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, W_OK) == 0) data/powertop-2.11/src/devices/thinkpad-fan.cpp:83:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) !=0) data/powertop-2.11/src/devices/thinkpad-light.cpp:81:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) !=0) data/powertop-2.11/src/devices/usb.cpp:227:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(device_name, R_OK) != 0) data/powertop-2.11/src/devlist.cpp:221:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_dev->guilty, one[i]->comm); data/powertop-2.11/src/devlist.cpp:233:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_dev->guilty, two[i]->comm); data/powertop-2.11/src/lib.cpp:244:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), format, param); data/powertop-2.11/src/lib.cpp:288:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, _("%7sW"), fmt_prefix(W, buf)); data/powertop-2.11/src/lib.cpp:508:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(msr_path, R_OK) != 0){ data/powertop-2.11/src/lib.cpp:511:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(msr_path, R_OK) != 0){ data/powertop-2.11/src/lib.cpp:544:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(msr_path, R_OK) != 0){ data/powertop-2.11/src/lib.cpp:547:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(msr_path, R_OK) != 0){ data/powertop-2.11/src/lib.cpp:584:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(notify, UI_NOTIFY_BUFF_SZ - 1, frmt, list); data/powertop-2.11/src/lib.cpp:595:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(frmt, list); data/powertop-2.11/src/main.cpp:232:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(workload)) data/powertop-2.11/src/main.cpp:364:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system("/sbin/modprobe cpufreq_stats > /dev/null 2>&1")) data/powertop-2.11/src/main.cpp:367:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system("/sbin/modprobe msr > /dev/null 2>&1")) data/powertop-2.11/src/main.cpp:373:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/bin/mount", X_OK) == 0) { data/powertop-2.11/src/main.cpp:374:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = system("/bin/mount -t debugfs debugfs /sys/kernel/debug > /dev/null 2>&1"); data/powertop-2.11/src/main.cpp:376:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = system("mount -t debugfs debugfs /sys/kernel/debug > /dev/null 2>&1"); data/powertop-2.11/src/main.cpp:392:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/var/cache/", W_OK) == 0) data/powertop-2.11/src/measurement/extech.cpp:86:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ret = access(device_name, R_OK | W_OK); data/powertop-2.11/src/parameters/parameters.cpp:456:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/var/cache/powertop", W_OK ) == 0) data/powertop-2.11/src/parameters/parameters.cpp:458:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/data/local/powertop", W_OK ) == 0) data/powertop-2.11/src/perf/perf_bundle.cpp:142:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file, "/sys/kernel/debug/tracing/events/%s/%s/format", sys, event); data/powertop-2.11/src/report/report-formatter-base.cpp:82:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(str, sizeof(str), fmt, ap); data/powertop-2.11/src/report/report-formatter-base.cpp:111:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(str, sizeof(str), fmt, ap); data/powertop-2.11/src/report/report-formatter-base.h:43:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 2, 3))); data/powertop-2.11/src/report/report-formatter-base.h:45:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 2, 3))); data/powertop-2.11/src/report/report-maker.h:115:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 2, 3))); data/powertop-2.11/src/tuning/bluetooth.cpp:128:3: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access("/sys/module/hci_usb",F_OK)) /* interface down already */ data/powertop-2.11/src/tuning/bluetooth.cpp:143:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. file = popen("/usr/bin/hcitool con 2> /dev/null", "r"); data/powertop-2.11/src/tuning/bluetooth.cpp:179:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(system("/bin/hciconfig hci0 up &> /dev/null &")) data/powertop-2.11/src/tuning/bluetooth.cpp:183:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(system("/bin/hciconfig hci0 down &> /dev/null")) data/powertop-2.11/src/tuning/ethernet.cpp:54:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Wake-on-lan status for device %s"), iface); data/powertop-2.11/src/tuning/runtime.cpp:45:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(runtime_path, "%s/power/control", path); data/powertop-2.11/src/tuning/runtime.cpp:48:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Runtime PM for %s device %s"), bus, dev); data/powertop-2.11/src/tuning/runtime.cpp:50:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("%s device %s has no runtime power management"), bus, dev); data/powertop-2.11/src/tuning/runtime.cpp:74:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("PCI Device %s has no runtime power management"), pci_id_to_name(vendor, device, filename, 4095)); data/powertop-2.11/src/tuning/runtime.cpp:76:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Runtime PM for PCI Device %s"), pci_id_to_name(vendor, device, filename, 4095)); data/powertop-2.11/src/tuning/runtime.cpp:80:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Runtime PM for port %s of PCI device: %s"), port, pci_id_to_name(vendor, device, filename, 4095)); data/powertop-2.11/src/tuning/runtime.cpp:83:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Runtime PM for disk %s"), port); data/powertop-2.11/src/tuning/runtime.cpp:151:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/tuning/runtime.cpp:168:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/tuning/runtime.cpp:187:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/tuning/tuningi2c.cpp:109:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, W_OK) == 0) data/powertop-2.11/src/tuning/tuningsysfs.cpp:108:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(_sysfs_path, R_OK) != 0) data/powertop-2.11/src/tuning/tuningusb.cpp:125:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/tuning/tuningusb.cpp:129:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK)!=0) data/powertop-2.11/src/tuning/tuningusb.cpp:141:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) == 0 && read_sysfs(filename) == 0) data/powertop-2.11/src/tuning/wifi.cpp:48:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Wireless Power Saving for interface %s"), iface); data/powertop-2.11/src/wakeup/wakeup_ethernet.cpp:51:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Wake-on-lan status for device %s"), iface); data/powertop-2.11/src/wakeup/wakeup_ethernet.cpp:100:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/src/wakeup/wakeup_usb.cpp:51:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desc, _("Wake status for USB device %s"), iface); data/powertop-2.11/src/wakeup/wakeup_usb.cpp:100:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) != 0) data/powertop-2.11/traceevent/event-parse.c:824:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newtok, buf); data/powertop-2.11/traceevent/event-parse.c:826:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newtok, buf); data/powertop-2.11/traceevent/event-parse.c:1332:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(field->type, last_token); data/powertop-2.11/traceevent/event-parse.c:1385:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(brackets, token); data/powertop-2.11/traceevent/event-parse.c:1425:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(field->type, field->name); data/powertop-2.11/traceevent/event-parse.c:1428:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(field->type, brackets); data/powertop-2.11/traceevent/event-parse.c:1441:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(field->type, brackets); data/powertop-2.11/traceevent/event-parse.c:2806:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(atom, token); data/powertop-2.11/traceevent/event-parse.c:3216:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (!sys || strcmp(pevent->last_event->system, sys) == 0)) data/powertop-2.11/traceevent/event-parse.c:3224:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (strcmp(event->system, sys) == 0) data/powertop-2.11/traceevent/event-parse.c:4535:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. res = strcmp((*ea)->system, (*eb)->system); data/powertop-2.11/traceevent/event-parse.c:4535:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. res = strcmp((*ea)->system, (*eb)->system); data/powertop-2.11/traceevent/event-parse.c:4548:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. res = strcmp((*ea)->system, (*eb)->system); data/powertop-2.11/traceevent/event-parse.c:4548:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. res = strcmp((*ea)->system, (*eb)->system); data/powertop-2.11/traceevent/event-parse.c:4891:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (sys_name && (strcmp(sys_name, event->system) != 0)) data/powertop-2.11/traceevent/event-parse.c:4921:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. event->id, event->system, event->name); data/powertop-2.11/traceevent/event-parse.c:4983:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!event->system) { data/powertop-2.11/traceevent/event-parse.c:5045:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. free(event->system); data/powertop-2.11/traceevent/event-parse.c:5478:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (sys_name && (strcmp(sys_name, event->system) != 0)) data/powertop-2.11/traceevent/event-parse.c:5487:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. event->id, event->system, event->name); data/powertop-2.11/traceevent/event-parse.c:5564:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. free(event->system); data/powertop-2.11/traceevent/event-parse.h:76:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 2, 3))); data/powertop-2.11/traceevent/event-parse.h:78:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 2, 0))); data/powertop-2.11/traceevent/event-parse.h:299:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. char *system; data/powertop-2.11/traceevent/parse-filter.c:62:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(error, input); data/powertop-2.11/traceevent/parse-filter.c:72:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(error + len, MAX_ERR_STR_SIZE, fmt, ap); data/powertop-2.11/traceevent/parse-filter.c:260:32: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return !regexec(sreg, event->system, 0, NULL, 0) && data/powertop-2.11/traceevent/parse-filter.c:264:31: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return !regexec(ereg, event->system, 0, NULL, 0) || data/powertop-2.11/traceevent/parse-filter.c:287:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(reg, "^%s$", event_name); data/powertop-2.11/traceevent/parse-filter.c:297:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(reg, "^%s$", sys_name); data/powertop-2.11/traceevent/parse-filter.c:1364:28: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. sys = filter_type->event->system; data/powertop-2.11/traceevent/parse-filter.c:1461:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. event->system, data/powertop-2.11/traceevent/parse-filter.c:2127:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str, "%s %s %s", lstr, op, rstr); data/powertop-2.11/traceevent/parse-utils.c:38:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/powertop-2.11/traceevent/parse-utils.c:69:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/powertop-2.11/traceevent/parse-utils.c:94:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/powertop-2.11/traceevent/trace-seq.c:114:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(s->buffer + s->len, len, fmt, ap); data/powertop-2.11/traceevent/trace-seq.c:149:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(s->buffer + s->len, len, fmt, args); data/powertop-2.11/src/devices/device.cpp:82:7: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (!realpath(current_path, real_path)) data/powertop-2.11/src/lib.cpp:349:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. g = getenv("LANG"); data/powertop-2.11/src/main.cpp:390:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/powertop-2.11/src/main.cpp:448:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "cC::r::i:qt:w:Vh", long_options, &option_index); data/powertop-2.11/src/calibrate/calibrate.cpp:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/calibrate/calibrate.cpp:70:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/calibrate/calibrate.cpp:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/calibrate/calibrate.cpp:99:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/calibrate/calibrate.cpp:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/calibrate/calibrate.cpp:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/calibrate/calibrate.cpp:183:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/calibrate/calibrate.cpp:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64*1024]; data/powertop-2.11/src/calibrate/calibrate.cpp:232:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/powertop-2.11/src/calibrate/calibrate.cpp:234:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(filename ,"/tmp/powertop.XXXXXX"); data/powertop-2.11/src/calibrate/calibrate.cpp:235:7: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(filename); data/powertop-2.11/src/calibrate/calibrate.cpp:333:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[4096]; data/powertop-2.11/src/calibrate/calibrate.cpp:337:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%i\n", blmax / 4); data/powertop-2.11/src/calibrate/calibrate.cpp:341:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%i\n", blmax / 2); data/powertop-2.11/src/calibrate/calibrate.cpp:345:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%i\n", 3 * blmax / 4 ); data/powertop-2.11/src/calibrate/calibrate.cpp:349:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%i\n", blmax); data/powertop-2.11/src/cpu/abstract_cpu.cpp:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[4096]; data/powertop-2.11/src/cpu/abstract_cpu.cpp:116:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/abstract_cpu.cpp:453:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/cpu/abstract_cpu.cpp:462:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile.open(filename, ios::in); data/powertop-2.11/src/cpu/abstract_cpu.cpp:467:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile.open(filename, ios::in); data/powertop-2.11/src/cpu/abstract_cpu.cpp:473:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile.open(filename, ios::in); data/powertop-2.11/src/cpu/abstract_cpu.cpp:478:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile.open(filename, ios::out); data/powertop-2.11/src/cpu/abstract_cpu.cpp:481:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile.open(filename, ios::out); data/powertop-2.11/src/cpu/abstract_cpu.cpp:485:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile.open(filename, ios::out); data/powertop-2.11/src/cpu/abstract_cpu.cpp:488:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile.open(filename, ios::out); data/powertop-2.11/src/cpu/abstract_cpu.cpp:494:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile.open(filename, ios::out); data/powertop-2.11/src/cpu/cpu.cpp:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packagename[128]; data/powertop-2.11/src/cpu/cpu.cpp:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/cpu/cpu.cpp:174:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu.cpp:181:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu.cpp:250:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/cpu/cpu.cpp:253:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[128]; data/powertop-2.11/src/cpu/cpu.cpp:257:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open("/proc/cpuinfo", ios::in); data/powertop-2.11/src/cpu/cpu.cpp:447:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512], buffer2[512], tmp_num[50]; data/powertop-2.11/src/cpu/cpu.cpp:537:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp_num,"%d", _package->get_number()); data/powertop-2.11/src/cpu/cpu.cpp:596:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp_num,"%d",_cpu->get_number()); data/powertop-2.11/src/cpu/cpu.cpp:652:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512], buffer2[512], tmp_num[50]; data/powertop-2.11/src/cpu/cpu.cpp:755:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp_num,"%d", _package->get_number()); data/powertop-2.11/src/cpu/cpu.cpp:841:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/powertop-2.11/src/cpu/cpu.cpp:842:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[1024]; data/powertop-2.11/src/cpu/cpu.cpp:902:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(linebuf, "| "); data/powertop-2.11/src/cpu/cpu.cpp:913:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(linebuf, "| "); data/powertop-2.11/src/cpu/cpu.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linux_name[16]; /* state0 etc.. cpuidle name */ data/powertop-2.11/src/cpu/cpu.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char human_name[32]; data/powertop-2.11/src/cpu/cpu.h:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char human_name[32]; data/powertop-2.11/src/cpu/cpu_core.cpp:42:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%5.1f%%", percentage(cstates[i]->duration_delta / time_factor)); data/powertop-2.11/src/cpu/cpu_core.cpp:91:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" Core")); data/powertop-2.11/src/cpu/cpu_core.cpp:98:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer," %5.1f%% ", percentage(1.0* (pstates[line_nr]->time_after) / total_stamp)); data/powertop-2.11/src/cpu/cpu_linux.cpp:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/powertop-2.11/src/cpu/cpu_linux.cpp:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linux_name[64]; data/powertop-2.11/src/cpu/cpu_linux.cpp:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char human_name[64]; data/powertop-2.11/src/cpu/cpu_linux.cpp:72:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu_linux.cpp:82:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu_linux.cpp:91:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu_linux.cpp:108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/powertop-2.11/src/cpu/cpu_linux.cpp:118:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu_linux.cpp:121:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/powertop-2.11/src/cpu/cpu_linux.cpp:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/powertop-2.11/src/cpu/cpu_linux.cpp:158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linux_name[64]; data/powertop-2.11/src/cpu/cpu_linux.cpp:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char human_name[64]; data/powertop-2.11/src/cpu/cpu_linux.cpp:172:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu_linux.cpp:181:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu_linux.cpp:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/powertop-2.11/src/cpu/cpu_linux.cpp:201:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/cpu_linux.cpp:204:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/powertop-2.11/src/cpu/cpu_linux.cpp:242:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" CPU(OS) %i"), number); data/powertop-2.11/src/cpu/cpu_linux.cpp:251:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%5.1f%%", percentage(cstates[i]->duration_delta / time_factor)); data/powertop-2.11/src/cpu/cpu_linux.cpp:271:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%5.1f%%", data/powertop-2.11/src/cpu/cpu_linux.cpp:291:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%6.1f ms", data/powertop-2.11/src/cpu/cpu_linux.cpp:341:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" CPU %i"), number); data/powertop-2.11/src/cpu/cpu_linux.cpp:348:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer," %5.1f%% ", percentage(1.0* (pstates[line_nr]->time_after) / total_stamp)); data/powertop-2.11/src/cpu/cpu_package.cpp:54:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%5.1f%%", percentage(cstates[i]->duration_delta / time_factor)); data/powertop-2.11/src/cpu/cpu_package.cpp:104:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" Package")); data/powertop-2.11/src/cpu/cpu_package.cpp:111:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer," %5.1f%% ", percentage(1.0* (pstates[line_nr]->time_after) / total_stamp)); data/powertop-2.11/src/cpu/cpudevice.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _class[128]; data/powertop-2.11/src/cpu/cpudevice.h:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _cpuname[128]; data/powertop-2.11/src/cpu/intel_cpus.cpp:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[32] = { '\0' }; data/powertop-2.11/src/cpu/intel_cpus.cpp:109:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/intel_cpus.cpp:206:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/cpu/intel_cpus.cpp:234:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/intel_cpus.cpp:237:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/powertop-2.11/src/cpu/intel_cpus.cpp:336:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" Core")); data/powertop-2.11/src/cpu/intel_cpus.cpp:343:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer," %5.1f%% ", percentage(1.0* (pstates[line_nr]->time_after) / total_stamp)); data/powertop-2.11/src/cpu/intel_cpus.cpp:436:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" Package")); data/powertop-2.11/src/cpu/intel_cpus.cpp:443:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer," %5.1f%% ", percentage(1.0* (pstates[line_nr]->time_after) / total_stamp)); data/powertop-2.11/src/cpu/intel_cpus.cpp:588:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/cpu/intel_cpus.cpp:602:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/cpu/intel_cpus.cpp:605:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/powertop-2.11/src/cpu/intel_cpus.cpp:656:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, _("Average")); data/powertop-2.11/src/cpu/intel_cpus.cpp:675:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" CPU %i"), number); data/powertop-2.11/src/cpu/intel_cpus.cpp:688:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer," %5.1f%% ", percentage(1.0* (pstates[line_nr]->time_after) / total_stamp)); data/powertop-2.11/src/cpu/intel_gpu.cpp:64:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,_(" GPU ")); data/powertop-2.11/src/cpu/intel_gpu.cpp:96:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%5.1f%%", d); data/powertop-2.11/src/devices/ahci.cpp:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[PATH_MAX]; data/powertop-2.11/src/devices/ahci.cpp:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096], *c; data/powertop-2.11/src/devices/ahci.cpp:69:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(line, "r"); data/powertop-2.11/src/devices/ahci.cpp:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[PATH_MAX]; data/powertop-2.11/src/devices/ahci.cpp:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/powertop-2.11/src/devices/ahci.cpp:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[128]; data/powertop-2.11/src/devices/ahci.cpp:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/ahci.cpp:166:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:172:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:179:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:185:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:199:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/ahci.cpp:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char powername[4096]; data/powertop-2.11/src/devices/ahci.cpp:207:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:213:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:219:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:225:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/ahci.cpp:311:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). check_file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:317:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/ahci.cpp:408:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char util[128]; data/powertop-2.11/src/devices/ahci.h:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/devices/ahci.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/powertop-2.11/src/devices/ahci.h:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char humanname[4096]; data/powertop-2.11/src/devices/alsa.cpp:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[4096]; data/powertop-2.11/src/devices/alsa.cpp:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[4096]; data/powertop-2.11/src/devices/alsa.cpp:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[4096]; data/powertop-2.11/src/devices/alsa.cpp:65:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(devname); data/powertop-2.11/src/devices/alsa.cpp:71:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(devname); data/powertop-2.11/src/devices/alsa.cpp:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/alsa.cpp:91:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/alsa.cpp:97:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/alsa.cpp:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/alsa.cpp:117:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/alsa.cpp:123:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/alsa.cpp:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/alsa.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/devices/alsa.h:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/powertop-2.11/src/devices/alsa.h:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char humanname[4096]; data/powertop-2.11/src/devices/alsa.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buf[4096]; data/powertop-2.11/src/devices/backlight.cpp:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/backlight.cpp:62:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/backlight.cpp:69:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/backlight.cpp:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/backlight.cpp:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/devices/backlight.cpp:95:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/backlight.cpp:103:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/backlight.cpp:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/backlight.cpp:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char powername[4096]; data/powertop-2.11/src/devices/backlight.cpp:126:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/backlight.cpp:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/backlight.cpp:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char powername[4096]; data/powertop-2.11/src/devices/backlight.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/devices/backlight.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/powertop-2.11/src/devices/devfreq.cpp:97:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state->human_name, "Idle"); data/powertop-2.11/src/devices/devfreq.cpp:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/powertop-2.11/src/devices/devfreq.cpp:127:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename); data/powertop-2.11/src/devices/devfreq.cpp:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/powertop-2.11/src/devices/devfreq.cpp:194:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %5.1f%% ", percentage(1.0 * state->time_after / sample_time)); data/powertop-2.11/src/devices/devfreq.cpp:268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fline[1024]; data/powertop-2.11/src/devices/devfreq.cpp:269:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/powertop-2.11/src/devices/devfreq.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_name[128]; data/powertop-2.11/src/devices/device.cpp:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_path[PATH_MAX + 1]; data/powertop-2.11/src/devices/device.cpp:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_path[PATH_MAX + 1]; data/powertop-2.11/src/devices/device.cpp:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char util[128]; data/powertop-2.11/src/devices/device.cpp:154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char power[128]; data/powertop-2.11/src/devices/device.cpp:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/powertop-2.11/src/devices/device.cpp:179:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/powertop-2.11/src/devices/device.cpp:209:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(power, " "); data/powertop-2.11/src/devices/device.cpp:254:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/powertop-2.11/src/devices/device.cpp:284:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char util[128]; data/powertop-2.11/src/devices/device.cpp:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char power[128]; data/powertop-2.11/src/devices/device.cpp:303:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(power, " "); data/powertop-2.11/src/devices/device.h:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guilty[4096]; data/powertop-2.11/src/devices/device.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char real_path[PATH_MAX+1]; data/powertop-2.11/src/devices/i915-gpu.cpp:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/network.cpp:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/devices/network.cpp:88:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open("/proc/net/dev", ios::in); data/powertop-2.11/src/devices/network.cpp:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/devices/network.cpp:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[128]; data/powertop-2.11/src/devices/network.cpp:349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[128]; data/powertop-2.11/src/devices/network.h:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/devices/network.h:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/powertop-2.11/src/devices/network.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char humanname[4096]; data/powertop-2.11/src/devices/rfkill.cpp:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/devices/rfkill.cpp:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/rfkill.cpp:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[128]; data/powertop-2.11/src/devices/rfkill.cpp:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/rfkill.cpp:84:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/rfkill.cpp:91:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/rfkill.cpp:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/rfkill.cpp:104:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/rfkill.cpp:110:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/rfkill.cpp:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/rfkill.cpp:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096] = {0}; data/powertop-2.11/src/devices/rfkill.cpp:148:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/rfkill.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/devices/rfkill.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/powertop-2.11/src/devices/rfkill.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char humanname[4096]; data/powertop-2.11/src/devices/runtime_pm.cpp:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/runtime_pm.cpp:70:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:77:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/runtime_pm.cpp:90:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:97:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/runtime_pm.cpp:155:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:164:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/runtime_pm.cpp:202:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev_name[4096]; data/powertop-2.11/src/devices/runtime_pm.cpp:210:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:225:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:233:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/runtime_pm.cpp:240:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[4096]; data/powertop-2.11/src/devices/runtime_pm.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/devices/runtime_pm.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/powertop-2.11/src/devices/runtime_pm.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char humanname[4096]; data/powertop-2.11/src/devices/thinkpad-fan.cpp:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/thinkpad-light.cpp:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/usb.cpp:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/usb.cpp:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[4096]; data/powertop-2.11/src/devices/usb.cpp:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[4096]; data/powertop-2.11/src/devices/usb.cpp:67:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/usb.cpp:80:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/usb.cpp:88:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/usb.cpp:102:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/usb.cpp:109:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/devices/usb.cpp:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[PATH_MAX]; data/powertop-2.11/src/devices/usb.cpp:130:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(fullpath, ios::in); data/powertop-2.11/src/devices/usb.cpp:137:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(fullpath, ios::in); data/powertop-2.11/src/devices/usb.cpp:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[PATH_MAX]; data/powertop-2.11/src/devices/usb.cpp:150:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(fullpath, ios::in); data/powertop-2.11/src/devices/usb.cpp:157:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(fullpath, ios::in); data/powertop-2.11/src/devices/usb.cpp:189:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devfs_name[1024]; data/powertop-2.11/src/devices/usb.cpp:218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devices/usb.cpp:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_name[PATH_MAX]; data/powertop-2.11/src/devices/usb.cpp:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendorid[64], devid[64]; data/powertop-2.11/src/devices/usb.cpp:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devid_name[4096]; data/powertop-2.11/src/devices/usb.cpp:231:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(device_name, ios::in); data/powertop-2.11/src/devices/usb.cpp:236:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(device_name, ios::in); data/powertop-2.11/src/devices/usb.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/devices/usb.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/powertop-2.11/src/devices/usb.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[4096]; data/powertop-2.11/src/devices/usb.h:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char humanname[4096]; data/powertop-2.11/src/devlist.cpp:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/devlist.cpp:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char link[PATH_MAX]; data/powertop-2.11/src/devlist.cpp:302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prev[128], proc[128]; data/powertop-2.11/src/devlist.h:6:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comm[32]; data/powertop-2.11/src/devlist.h:7:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[252]; data/powertop-2.11/src/devlist.h:13:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[252]; data/powertop-2.11/src/lib.cpp:93:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%9lli", Hz); data/powertop-2.11/src/lib.cpp:97:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%4lli MHz", (Hz+500)/1000); data/powertop-2.11/src/lib.cpp:99:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%6lli MHz", (Hz+500)/1000); data/powertop-2.11/src/lib.cpp:104:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%4.2f GHz", (Hz+5000.0)/1000000); data/powertop-2.11/src/lib.cpp:106:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%3.1f GHz", (Hz+5000.0)/1000000); data/powertop-2.11/src/lib.cpp:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/powertop-2.11/src/lib.cpp:122:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open("/proc/kallsyms", ios::in); data/powertop-2.11/src/lib.cpp:176:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename.c_str(), ios::out); data/powertop-2.11/src/lib.cpp:193:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename.c_str(), ios::in); data/powertop-2.11/src/lib.cpp:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char content[4096]; data/powertop-2.11/src/lib.cpp:219:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename.c_str(), ios::in); data/powertop-2.11/src/lib.cpp:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char content[4096]; data/powertop-2.11/src/lib.cpp:241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/lib.cpp:246:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/lib.cpp:287:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/powertop-2.11/src/lib.cpp:291:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, _(" 0 mW")); data/powertop-2.11/src/lib.cpp:342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[16]; data/powertop-2.11/src/lib.cpp:368:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "NaN"); data/powertop-2.11/src/lib.cpp:371:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). omag = atoi(c + 1); data/powertop-2.11/src/lib.cpp:504:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msr_path[256]; data/powertop-2.11/src/lib.cpp:519:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(msr_path, O_RDONLY); data/powertop-2.11/src/lib.cpp:540:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msr_path[256]; data/powertop-2.11/src/lib.cpp:555:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(msr_path, O_WRONLY); data/powertop-2.11/src/lib.cpp:574:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char notify[UI_NOTIFY_BUFF_SZ]; data/powertop-2.11/src/main.cpp:109:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4]; data/powertop-2.11/src/main.cpp:341:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open("/proc/sys/fs/nr_open", ios::in); data/powertop-2.11/src/main.cpp:434:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/main.cpp:435:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workload[PATH_MAX] = {0}; data/powertop-2.11/src/main.cpp:488:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iterations = (optarg ? atoi(optarg) : 1); data/powertop-2.11/src/main.cpp:495:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sample_interval = (optarg ? atoi(optarg) : 5); data/powertop-2.11/src/main.cpp:498:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time_out = (optarg ? atoi(optarg) : 20); data/powertop-2.11/src/measurement/acpi.cpp:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/measurement/acpi.cpp:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/measurement/acpi.cpp:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rate_units[16]; data/powertop-2.11/src/measurement/acpi.cpp:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char capacity_units[16]; data/powertop-2.11/src/measurement/acpi.cpp:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char voltage_units[16]; data/powertop-2.11/src/measurement/acpi.cpp:78:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/measurement/acpi.cpp:103:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(rate_units, "Unknown"); data/powertop-2.11/src/measurement/acpi.cpp:118:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(capacity_units, "Unknown"); data/powertop-2.11/src/measurement/acpi.cpp:132:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(voltage_units, "Unknown"); data/powertop-2.11/src/measurement/acpi.cpp:157:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(capacity_units, "Ah"); data/powertop-2.11/src/measurement/acpi.cpp:161:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(capacity_units, "Wh"); data/powertop-2.11/src/measurement/acpi.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char battery_name[256]; data/powertop-2.11/src/measurement/extech.cpp:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/powertop-2.11/src/measurement/extech.cpp:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char op[32]; data/powertop-2.11/src/measurement/extech.cpp:90:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret = open(device_name, O_RDWR | O_NONBLOCK | O_NOCTTY); data/powertop-2.11/src/measurement/extech.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev_name[256]; data/powertop-2.11/src/measurement/opal-sensors.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/powertop-2.11/src/measurement/sysfs.cpp:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/measurement/sysfs.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/powertop-2.11/src/parameters/parameters.cpp:454:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tempfilename[PATH_MAX]; data/powertop-2.11/src/parameters/persistent.cpp:44:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(pathname, ios::out); data/powertop-2.11/src/parameters/persistent.cpp:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/parameters/persistent.cpp:87:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(pathname, ios::in); data/powertop-2.11/src/parameters/persistent.cpp:153:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(pathname, ios::out); data/powertop-2.11/src/parameters/persistent.cpp:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/parameters/persistent.cpp:178:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(pathname, ios::in); data/powertop-2.11/src/perf/perf_bundle.cpp:64:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, header, header->size); data/powertop-2.11/src/perf/perf_bundle.cpp:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/powertop-2.11/src/perf/perf_bundle.cpp:108:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(file, O_RDONLY); data/powertop-2.11/src/perf/perf_bundle.cpp:122:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + len, buf, r); data/powertop-2.11/src/perf/perf_bundle.cpp:242:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[0]; data/powertop-2.11/src/process/do_process.cpp:830:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/powertop-2.11/src/process/do_process.cpp:855:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char power[16]; data/powertop-2.11/src/process/do_process.cpp:856:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20]; data/powertop-2.11/src/process/do_process.cpp:857:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usage[20]; data/powertop-2.11/src/process/do_process.cpp:858:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char events[20]; data/powertop-2.11/src/process/do_process.cpp:859:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descr[128]; data/powertop-2.11/src/process/do_process.cpp:863:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(power, " "); data/powertop-2.11/src/process/do_process.cpp:939:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char power[16]; data/powertop-2.11/src/process/do_process.cpp:940:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20]; data/powertop-2.11/src/process/do_process.cpp:941:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usage[20]; data/powertop-2.11/src/process/do_process.cpp:942:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wakes[20]; data/powertop-2.11/src/process/do_process.cpp:943:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gpus[20]; data/powertop-2.11/src/process/do_process.cpp:944:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char disks[20]; data/powertop-2.11/src/process/do_process.cpp:945:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xwakes[20]; data/powertop-2.11/src/process/do_process.cpp:946:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descr[128]; data/powertop-2.11/src/process/do_process.cpp:950:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(power, " "); data/powertop-2.11/src/process/do_process.cpp:1085:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char power[16]; data/powertop-2.11/src/process/do_process.cpp:1086:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20]; data/powertop-2.11/src/process/do_process.cpp:1087:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usage[20]; data/powertop-2.11/src/process/do_process.cpp:1088:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char events[20]; data/powertop-2.11/src/process/do_process.cpp:1089:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descr[128]; data/powertop-2.11/src/process/do_process.cpp:1093:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(power, " "); data/powertop-2.11/src/process/interrupt.cpp:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/powertop-2.11/src/process/interrupt.cpp:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char handler[64]; data/powertop-2.11/src/process/interrupt.cpp:103:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(handler, "timer/%i", cpu); data/powertop-2.11/src/process/interrupt.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[256]; data/powertop-2.11/src/process/interrupt.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char handler[32]; data/powertop-2.11/src/process/process.cpp:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4097]; data/powertop-2.11/src/process/process.cpp:104:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, "/proc/%i/status", _pid); data/powertop-2.11/src/process/process.cpp:105:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(line); data/powertop-2.11/src/process/process.cpp:135:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, "/proc/%i/cmdline", _pid); data/powertop-2.11/src/process/process.cpp:136:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(line, ios::binary); data/powertop-2.11/src/process/process.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[256]; data/powertop-2.11/src/process/process.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comm[16]; data/powertop-2.11/src/process/processdevice.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[4096]; data/powertop-2.11/src/process/timer.cpp:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/process/timer.cpp:44:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen("/proc/timer_stats", "r"); data/powertop-2.11/src/process/timer.h:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[256]; data/powertop-2.11/src/process/timer.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char handler[32]; data/powertop-2.11/src/process/work.h:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[256]; data/powertop-2.11/src/process/work.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char handler[32]; data/powertop-2.11/src/report/report-formatter-base.cpp:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[LINE_SIZE]; data/powertop-2.11/src/report/report-formatter-base.cpp:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[LINE_SIZE]; data/powertop-2.11/src/report/report.cpp:51:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open("/proc/cpuinfo", ios::in); data/powertop-2.11/src/report/report.cpp:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/powertop-2.11/src/report/report.cpp:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char content[4096]; data/powertop-2.11/src/report/report.cpp:81:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename.c_str(), ios::in); data/powertop-2.11/src/report/report.cpp:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version_date[64]; data/powertop-2.11/src/report/report.cpp:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestr[200]; data/powertop-2.11/src/report/report.cpp:193:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reportout.report_file = fopen(reportout.filename, "wm"); data/powertop-2.11/src/report/report.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/tuning/bluetooth.cpp:48:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(desc, _("Bluetooth device interface status")); data/powertop-2.11/src/tuning/bluetooth.cpp:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/powertop-2.11/src/tuning/bluetooth.cpp:122:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(devinfo.name, "hci0"); data/powertop-2.11/src/tuning/bluetooth.cpp:145:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[2048]; data/powertop-2.11/src/tuning/bluetooth.cpp:219:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(devinfo.name, "hci0"); data/powertop-2.11/src/tuning/ethernet.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interf[4096]; data/powertop-2.11/src/tuning/runtime.cpp:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/tuning/runtime.cpp:58:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/tuning/runtime.cpp:66:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/tuning/runtime.cpp:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX], port[PATH_MAX]; data/powertop-2.11/src/tuning/runtime.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char runtime_path[PATH_MAX]; data/powertop-2.11/src/tuning/tunable.h:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char good_string[128]; data/powertop-2.11/src/tuning/tunable.h:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bad_string[128]; data/powertop-2.11/src/tuning/tunable.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neutral_string[128]; data/powertop-2.11/src/tuning/tunable.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toggle_good[4096]; data/powertop-2.11/src/tuning/tunable.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toggle_bad[4096]; data/powertop-2.11/src/tuning/tunable.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[4096]; data/powertop-2.11/src/tuning/tuning.cpp:113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[128]; data/powertop-2.11/src/tuning/tuning.cpp:114:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[4096]; data/powertop-2.11/src/tuning/tuningi2c.cpp:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/tuning/tuningi2c.cpp:42:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/tuning/tuningi2c.cpp:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/tuning/tuningi2c.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char i2c_path[PATH_MAX]; data/powertop-2.11/src/tuning/tuningsysfs.cpp:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_value[4096], *c; data/powertop-2.11/src/tuning/tuningsysfs.cpp:59:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(sysfs_path, ios::in); data/powertop-2.11/src/tuning/tuningsysfs.cpp:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/tuning/tuningsysfs.cpp:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[4096]; data/powertop-2.11/src/tuning/tuningsysfs.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfs_path[PATH_MAX]; data/powertop-2.11/src/tuning/tuningsysfs.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char target_value[4096]; data/powertop-2.11/src/tuning/tuningsysfs.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bad_value[4096]; data/powertop-2.11/src/tuning/tuningusb.cpp:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/tuning/tuningusb.cpp:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[2048]; data/powertop-2.11/src/tuning/tuningusb.cpp:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[2048]; data/powertop-2.11/src/tuning/tuningusb.cpp:57:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/tuning/tuningusb.cpp:65:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename, ios::in); data/powertop-2.11/src/tuning/tuningusb.cpp:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/tuning/tuningusb.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usb_path[PATH_MAX]; data/powertop-2.11/src/tuning/wifi.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iface[4096]; data/powertop-2.11/src/wakeup/waketab.cpp:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[128]; data/powertop-2.11/src/wakeup/waketab.cpp:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[4096]; data/powertop-2.11/src/wakeup/wakeup.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wakeup_enable[128]; data/powertop-2.11/src/wakeup/wakeup.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wakeup_disable[128]; data/powertop-2.11/src/wakeup/wakeup.h:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wakeup_idle[128]; data/powertop-2.11/src/wakeup/wakeup.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toggle_enable[4096]; data/powertop-2.11/src/wakeup/wakeup.h:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toggle_disable[4096]; data/powertop-2.11/src/wakeup/wakeup.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[4096]; data/powertop-2.11/src/wakeup/wakeup_ethernet.cpp:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/wakeup/wakeup_ethernet.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eth_path[PATH_MAX]; data/powertop-2.11/src/wakeup/wakeup_ethernet.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interf[4096]; data/powertop-2.11/src/wakeup/wakeup_usb.cpp:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/powertop-2.11/src/wakeup/wakeup_usb.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usb_path[PATH_MAX]; data/powertop-2.11/src/wakeup/wakeup_usb.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interf[4096]; data/powertop-2.11/traceevent/event-parse.c:836:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/powertop-2.11/traceevent/event-parse.c:1868:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(left->atom.atom, " *"); data/powertop-2.11/traceevent/event-parse.c:1992:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ref, type, len); data/powertop-2.11/traceevent/event-parse.c:2238:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[20]; data/powertop-2.11/traceevent/event-parse.c:2248:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%lld", val); data/powertop-2.11/traceevent/event-parse.c:3540:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, data + field->offset, len); data/powertop-2.11/traceevent/event-parse.c:4059:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[32]; data/powertop-2.11/traceevent/event-parse.c:4178:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(format, saveptr, len); data/powertop-2.11/traceevent/event-parse.c:4205:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(format, "0x%llx"); data/powertop-2.11/traceevent/event-parse.c:4261:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(format, saveptr, len); data/powertop-2.11/traceevent/event-parse.c:4574:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(events, pevent->events, sizeof(*events) * pevent->nr_events); data/powertop-2.11/traceevent/event-parse.c:4789:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *offset = atoi(token); data/powertop-2.11/traceevent/event-parse.c:4799:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *size = atoi(token); data/powertop-2.11/traceevent/event-parse.c:5128:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, msg, min(buflen - 1, len)); data/powertop-2.11/traceevent/event-parse.h:516:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&__val, (ptr), sizeof(unsigned long long)); \ data/powertop-2.11/traceevent/parse-filter.c:99:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(*tok, "%c%c", *token, '~'); data/powertop-2.11/traceevent/parse-filter.c:1214:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this_event, filter_str, len); data/powertop-2.11/traceevent/parse-filter.c:1723:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hex[64]; data/powertop-2.11/traceevent/parse-filter.c:1735:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arg->str.buffer, val, arg->str.field->size); data/powertop-2.11/traceevent/parse-filter.c:1954:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "TRUE"); data/powertop-2.11/traceevent/parse-filter.c:1956:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "FALSE"); data/powertop-2.11/traceevent/parse-filter.c:1995:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "FALSE"); data/powertop-2.11/traceevent/parse-filter.c:1997:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "TRUE"); data/powertop-2.11/traceevent/parse-filter.c:2187:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "TRUE"); data/powertop-2.11/traceevent/parse-filter.c:2189:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "FALSE"); data/powertop-2.11/traceevent/trace-seq.c:182:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->buffer + s->len, str, len); data/powertop-2.11/src/cpu/cpu.cpp:351:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(string) < newlen) data/powertop-2.11/src/cpu/cpu.cpp:352:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(string, " "); data/powertop-2.11/src/cpu/cpu.cpp:903:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctr += strlen("| "); data/powertop-2.11/src/cpu/cpu.cpp:914:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctr += strlen("| "); data/powertop-2.11/src/cpu/cpu.cpp:934:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(linebuf, "\n"); data/powertop-2.11/src/cpu/cpu_linux.cpp:64:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(entry->d_name) < 3) data/powertop-2.11/src/cpu/cpu_linux.cpp:164:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(entry->d_name) < 3) data/powertop-2.11/src/devices/ahci.cpp:153:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(diskname.c_str()) == 0) data/powertop-2.11/src/devices/alsa.cpp:76:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(model) && strlen(vendor)) data/powertop-2.11/src/devices/alsa.cpp:76:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(model) && strlen(vendor)) data/powertop-2.11/src/devices/alsa.cpp:78:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(model)) data/powertop-2.11/src/devices/alsa.cpp:80:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(vendor)) data/powertop-2.11/src/devices/alsa.cpp:204:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(guilty) > 0) data/powertop-2.11/src/devices/devfreq.cpp:295:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(fline, "\t"); data/powertop-2.11/src/devices/devfreq.cpp:300:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fline, "\n"); data/powertop-2.11/src/devices/device.cpp:202:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(util) < 13) strcat(util, " "); data/powertop-2.11/src/devices/device.cpp:202:29: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. while (strlen(util) < 13) strcat(util, " "); data/powertop-2.11/src/devices/network.cpp:113:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (c != c2 && strlen(c) > 0) { data/powertop-2.11/src/devices/rfkill.cpp:147:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, d_name, sizeof(name) - 1); data/powertop-2.11/src/devices/usb.cpp:93:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vendor) && strlen(product)) data/powertop-2.11/src/devices/usb.cpp:93:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vendor) && strlen(product)) data/powertop-2.11/src/devices/usb.cpp:95:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(product)) data/powertop-2.11/src/devices/usb.cpp:97:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(vendor)) data/powertop-2.11/src/devlist.cpp:169:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dev->device, link, 251); data/powertop-2.11/src/devlist.cpp:171:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dev->comm, read_sysfs_string("/proc/%s/comm", entry->d_name).c_str(), 31); data/powertop-2.11/src/devlist.cpp:220:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(_dev->guilty) < 2000 && strstr(_dev->guilty, one[i]->comm) == NULL) { data/powertop-2.11/src/devlist.cpp:222:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(_dev->guilty, " "); data/powertop-2.11/src/devlist.cpp:232:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(_dev->guilty) < 2000 && strstr(_dev->guilty, two[i]->comm) == NULL) { data/powertop-2.11/src/devlist.cpp:234:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(_dev->guilty, " "); data/powertop-2.11/src/display.cpp:127:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (c && strlen(c) > 0) data/powertop-2.11/src/lib.cpp:279:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buffer, " "); data/powertop-2.11/src/lib.cpp:394:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(p, "ยต"); /* Mu is a multibyte sequence */ data/powertop-2.11/src/lib.cpp:427:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) == 0) data/powertop-2.11/src/lib.cpp:495:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ret || strlen(buf); data/powertop-2.11/src/lib.h:78:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(d, s, N); data/powertop-2.11/src/main.cpp:154:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(6000); data/powertop-2.11/src/main.cpp:465:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(filename)) data/powertop-2.11/src/main.cpp:481:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(filename)) data/powertop-2.11/src/measurement/acpi.cpp:142:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(voltage_units, "V"); data/powertop-2.11/src/measurement/acpi.cpp:147:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(rate_units, "W"); data/powertop-2.11/src/measurement/acpi.cpp:152:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(rate_units, "A"); data/powertop-2.11/src/measurement/acpi.cpp:165:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(capacity_units, "J"); data/powertop-2.11/src/measurement/acpi.cpp:171:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(capacity_units, "J"); data/powertop-2.11/src/measurement/acpi.cpp:176:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(rate_units, "W"); data/powertop-2.11/src/measurement/extech.cpp:258:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(fd, &p.buf, 250); data/powertop-2.11/src/measurement/opal-sensors.cpp:34:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, power_supply_name, sizeof(name)); data/powertop-2.11/src/parameters/persistent.cpp:99:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line)>0) { data/powertop-2.11/src/parameters/persistent.cpp:108:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) < 3) { data/powertop-2.11/src/perf/perf.cpp:123:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(perf_fd, &read_data, sizeof(read_data)) == -1) { data/powertop-2.11/src/perf/perf_bundle.cpp:112:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((r = read(fd, buf, 4096)) > 0) { data/powertop-2.11/src/perf/perf_bundle.cpp:140:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file = (char *)malloc(strlen(sys) + strlen(event) + data/powertop-2.11/src/perf/perf_bundle.cpp:140:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file = (char *)malloc(strlen(sys) + strlen(event) + data/powertop-2.11/src/perf/perf_bundle.cpp:141:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("/sys/kernel/debug/tracing/events////format") + 2); data/powertop-2.11/src/perf/perf_bundle.cpp:151:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pevent_parse_event(perf_event::pevent, buf, strlen(buf), sys); data/powertop-2.11/src/perf/perf_event.h:525:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void (*read) (struct perf_event *event); data/powertop-2.11/src/process/process.cpp:132:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(desc + pos, comm, sizeof(desc) - pos - 1); data/powertop-2.11/src/process/process.cpp:139:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). file.read(line, 4096); data/powertop-2.11/src/process/process.cpp:141:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) < 1) { data/powertop-2.11/src/process/process.cpp:147:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(desc + pos, line, sz); data/powertop-2.11/src/report/report.cpp:85:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(pname, content, strlen(pname)) == 0) { data/powertop-2.11/src/tuning/bluetooth.cpp:155:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) > 0) { data/powertop-2.11/src/tuning/tuning.cpp:117:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(res) < 12) data/powertop-2.11/src/tuning/tuning.cpp:118:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(res, " "); data/powertop-2.11/src/tuning/tuning.cpp:120:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(desc) < 103) data/powertop-2.11/src/tuning/tuning.cpp:121:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(desc, " "); data/powertop-2.11/src/tuning/tuningsysfs.cpp:82:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(bad_value) > 0) data/powertop-2.11/src/tuning/tuningsysfs.cpp:95:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(bad_value) > 0) data/powertop-2.11/src/tuning/tuningusb.cpp:70:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vendor) && strlen(product)) data/powertop-2.11/src/tuning/tuningusb.cpp:70:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vendor) && strlen(product)) data/powertop-2.11/src/tuning/tuningusb.cpp:72:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(product)) data/powertop-2.11/src/tuning/tuningusb.cpp:74:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(vendor)) data/powertop-2.11/src/wakeup/waketab.cpp:76:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(res) < 12) data/powertop-2.11/src/wakeup/waketab.cpp:77:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(res, " "); data/powertop-2.11/src/wakeup/waketab.cpp:79:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(desc) < 103) data/powertop-2.11/src/wakeup/waketab.cpp:80:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(desc, " "); data/powertop-2.11/traceevent/event-parse.c:1012:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). init_input_buf(str, strlen(str)); data/powertop-2.11/traceevent/event-parse.c:1324:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(field->type) + data/powertop-2.11/traceevent/event-parse.c:1325:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(last_token) + 2); data/powertop-2.11/traceevent/event-parse.c:1331:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(field->type, " "); data/powertop-2.11/traceevent/event-parse.c:1376:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(brackets) + data/powertop-2.11/traceevent/event-parse.c:1377:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(token) + len); data/powertop-2.11/traceevent/event-parse.c:1384:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(brackets, " "); data/powertop-2.11/traceevent/event-parse.c:1398:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_brackets = realloc(brackets, strlen(brackets) + 2); data/powertop-2.11/traceevent/event-parse.c:1404:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(brackets, "]"); data/powertop-2.11/traceevent/event-parse.c:1416:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(field->type) + data/powertop-2.11/traceevent/event-parse.c:1417:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(field->name) + data/powertop-2.11/traceevent/event-parse.c:1418:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(brackets) + 2); data/powertop-2.11/traceevent/event-parse.c:1424:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(field->type, " "); data/powertop-2.11/traceevent/event-parse.c:1434:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(field->type) + data/powertop-2.11/traceevent/event-parse.c:1435:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(brackets) + 1); data/powertop-2.11/traceevent/event-parse.c:1863:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(left->atom.atom) + 3); data/powertop-2.11/traceevent/event-parse.c:1978:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(type); data/powertop-2.11/traceevent/event-parse.c:2797:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(atom) + strlen(token) + 2); data/powertop-2.11/traceevent/event-parse.c:2797:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(atom) + strlen(token) + 2); data/powertop-2.11/traceevent/event-parse.c:2805:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(atom, " "); data/powertop-2.11/traceevent/event-parse.c:3866:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bptr += strlen(bptr) + 1; data/powertop-2.11/traceevent/event-parse.c:3920:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = format + strlen(format) - 1; data/powertop-2.11/traceevent/event-parse.c:4203:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p+1, p, strlen(p)+1); data/powertop-2.11/traceevent/event-parse.c:4504:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(event->name); data/powertop-2.11/traceevent/event-parse.c:5127:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(msg); data/powertop-2.11/traceevent/event-utils.h:60:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string = ret + strlen(ret) - 1; data/powertop-2.11/traceevent/parse-filter.c:57:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = input ? strlen(input) : 0; data/powertop-2.11/traceevent/parse-filter.c:286:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reg = malloc_or_die(strlen(event_name) + 3); data/powertop-2.11/traceevent/parse-filter.c:296:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reg = malloc_or_die(strlen(sys_name) + 3); data/powertop-2.11/traceevent/parse-filter.c:472:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg->value.str) == 1 && data/powertop-2.11/traceevent/parse-filter.c:1111:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pevent_buffer_init(filter_str, strlen(filter_str)); data/powertop-2.11/traceevent/parse-filter.c:1200:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filter_str); data/powertop-2.11/traceevent/parse-filter.c:1211:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filter_str); data/powertop-2.11/traceevent/parse-filter.c:1974:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left) + strlen(right) + strlen(op) + 10; data/powertop-2.11/traceevent/parse-filter.c:1974:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left) + strlen(right) + strlen(op) + 10; data/powertop-2.11/traceevent/parse-filter.c:1974:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left) + strlen(right) + strlen(op) + 10; data/powertop-2.11/traceevent/parse-filter.c:2000:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(right) + strlen(op) + 3; data/powertop-2.11/traceevent/parse-filter.c:2000:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(right) + strlen(op) + 3; data/powertop-2.11/traceevent/parse-filter.c:2078:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(op) + strlen(lstr) + strlen(rstr) + 4; data/powertop-2.11/traceevent/parse-filter.c:2078:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(op) + strlen(lstr) + strlen(rstr) + 4; data/powertop-2.11/traceevent/parse-filter.c:2078:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(op) + strlen(lstr) + strlen(rstr) + 4; data/powertop-2.11/traceevent/parse-filter.c:2125:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(lstr) + strlen(op) + strlen(rstr) + 4; data/powertop-2.11/traceevent/parse-filter.c:2125:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(lstr) + strlen(op) + strlen(rstr) + 4; data/powertop-2.11/traceevent/parse-filter.c:2125:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(lstr) + strlen(op) + strlen(rstr) + 4; data/powertop-2.11/traceevent/parse-filter.c:2164:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(arg->str.field->name) + strlen(op) + data/powertop-2.11/traceevent/parse-filter.c:2164:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(arg->str.field->name) + strlen(op) + data/powertop-2.11/traceevent/parse-filter.c:2165:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(arg->str.val) + 6; data/powertop-2.11/traceevent/trace-seq.c:177:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); ANALYSIS SUMMARY: Hits = 704 Lines analyzed = 33695 in approximately 0.86 seconds (39000 lines/second) Physical Source Lines of Code (SLOC) = 22266 Hits@level = [0] 431 [1] 123 [2] 435 [3] 4 [4] 138 [5] 4 Hits@level+ = [0+] 1135 [1+] 704 [2+] 581 [3+] 146 [4+] 142 [5+] 4 Hits/KSLOC@level+ = [0+] 50.9746 [1+] 31.6177 [2+] 26.0936 [3+] 6.55708 [4+] 6.37744 [5+] 0.179646 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.