Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/razercfg-0.42+ds/razerd/razerd.c
Examining data/razercfg-0.42+ds/librazer/util.h
Examining data/razercfg-0.42+ds/librazer/util.c
Examining data/razercfg-0.42+ds/librazer/synapse.h
Examining data/razercfg-0.42+ds/librazer/synapse.c
Examining data/razercfg-0.42+ds/librazer/razer_private.h
Examining data/razercfg-0.42+ds/librazer/profile_emulation.h
Examining data/razercfg-0.42+ds/librazer/profile_emulation.c
Examining data/razercfg-0.42+ds/librazer/librazer.h
Examining data/razercfg-0.42+ds/librazer/librazer.c
Examining data/razercfg-0.42+ds/librazer/hw_taipan.h
Examining data/razercfg-0.42+ds/librazer/hw_taipan.c
Examining data/razercfg-0.42+ds/librazer/hw_naga.h
Examining data/razercfg-0.42+ds/librazer/hw_naga.c
Examining data/razercfg-0.42+ds/librazer/hw_mamba_tournament_edition.h
Examining data/razercfg-0.42+ds/librazer/hw_mamba_tournament_edition.c
Examining data/razercfg-0.42+ds/librazer/hw_lachesis5k6.h
Examining data/razercfg-0.42+ds/librazer/hw_lachesis5k6.c
Examining data/razercfg-0.42+ds/librazer/hw_lachesis.h
Examining data/razercfg-0.42+ds/librazer/hw_lachesis.c
Examining data/razercfg-0.42+ds/librazer/hw_krait.h
Examining data/razercfg-0.42+ds/librazer/hw_krait.c
Examining data/razercfg-0.42+ds/librazer/hw_imperator.h
Examining data/razercfg-0.42+ds/librazer/hw_imperator.c
Examining data/razercfg-0.42+ds/librazer/hw_diamondback_chroma.h
Examining data/razercfg-0.42+ds/librazer/hw_diamondback_chroma.c
Examining data/razercfg-0.42+ds/librazer/hw_deathadder_chroma.h
Examining data/razercfg-0.42+ds/librazer/hw_deathadder_chroma.c
Examining data/razercfg-0.42+ds/librazer/hw_deathadder2013.h
Examining data/razercfg-0.42+ds/librazer/hw_deathadder2013.c
Examining data/razercfg-0.42+ds/librazer/hw_deathadder.h
Examining data/razercfg-0.42+ds/librazer/hw_deathadder.c
Examining data/razercfg-0.42+ds/librazer/hw_copperhead.h
Examining data/razercfg-0.42+ds/librazer/hw_copperhead.c
Examining data/razercfg-0.42+ds/librazer/hw_boomslangce.h
Examining data/razercfg-0.42+ds/librazer/hw_boomslangce.c
Examining data/razercfg-0.42+ds/librazer/cypress_bootloader.h
Examining data/razercfg-0.42+ds/librazer/cypress_bootloader.c
Examining data/razercfg-0.42+ds/librazer/config.h
Examining data/razercfg-0.42+ds/librazer/config.c
Examining data/razercfg-0.42+ds/librazer/buttonmapping.h
Examining data/razercfg-0.42+ds/librazer/buttonmapping.c

FINAL RESULTS:

data/razercfg-0.42+ds/razerd/razerd.c:486:8: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  err = chmod(path, perm);
data/razercfg-0.42+ds/librazer/cypress_bootloader.c:55:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, message);
data/razercfg-0.42+ds/librazer/librazer.c:361:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(globstr, section);
data/razercfg-0.42+ds/librazer/librazer.c:362:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(idstr, m->idstr);
data/razercfg-0.42+ds/librazer/util.c:308:4: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf((i % 2) ? " " : " ");
data/razercfg-0.42+ds/razerd/razerd.c:371:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, args);
data/razercfg-0.42+ds/razerd/razerd.c:385:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/razercfg-0.42+ds/razerd/razerd.c:400:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, args);
data/razercfg-0.42+ds/razerd/razerd.c:2169:7: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long(argc, argv, "hvBc:CpP:l:f",
data/razercfg-0.42+ds/librazer/config.c:216:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(path, "rb");
data/razercfg-0.42+ds/librazer/cypress_bootloader.c:54:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, ", ");
data/razercfg-0.42+ds/librazer/cypress_bootloader.c:61:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512] = { 0, }; /* big enough for all messages */
data/razercfg-0.42+ds/librazer/cypress_bootloader.c:206:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cmd.payload[3], data, 32);
data/razercfg-0.42+ds/librazer/hw_boomslangce.c:268:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/razercfg-0.42+ds/librazer/hw_copperhead.c:172:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/razercfg-0.42+ds/librazer/hw_deathadder.c:140:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/razercfg-0.42+ds/librazer/hw_deathadder_chroma.c:177:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial[DEATHADDER_CHROMA_REQUEST_SIZE_GET_SERIAL_NO + 1];
data/razercfg-0.42+ds/librazer/hw_deathadder_chroma.c:495:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*res_ptr, deathadder_chroma_freqs_list,
data/razercfg-0.42+ds/librazer/hw_diamondback_chroma.c:198:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial[DIAMONDBACK_CHROMA_REQUEST_SIZE_GET_SERIAL_NO + 1];
data/razercfg-0.42+ds/librazer/hw_diamondback_chroma.c:557:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*res_ptr, diamondback_chroma_freqs_list, sizeof(diamondback_chroma_freqs_list));
data/razercfg-0.42+ds/librazer/hw_mamba_tournament_edition.c:198:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial[MAMBA_TE_REQUEST_SIZE_GET_SERIAL_NO + 1];
data/razercfg-0.42+ds/librazer/hw_mamba_tournament_edition.c:557:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*res_ptr, mamba_te_freqs_list, sizeof(mamba_te_freqs_list));
data/razercfg-0.42+ds/librazer/hw_naga.c:134:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd->values + 1, &xres, 2);
data/razercfg-0.42+ds/librazer/hw_naga.c:135:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd->values + 3, &yres, 2);
data/razercfg-0.42+ds/librazer/hw_naga.c:233:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&be16, &cmd.values, 2);
data/razercfg-0.42+ds/librazer/hw_naga.c:267:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd.values, naga_leds[led_id].values, 2);
data/razercfg-0.42+ds/librazer/librazer.c:351:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idstr[RAZER_IDSTR_MAX_SIZE + 1] = { 0, };
data/razercfg-0.42+ds/librazer/librazer.c:353:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char globstr[RAZER_IDSTR_MAX_SIZE + 1] = { 0, };
data/razercfg-0.42+ds/librazer/librazer.c:406:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a[64] = { 0, }, b[64] = { 0, };
data/razercfg-0.42+ds/librazer/librazer.c:439:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a[tmplen], b[tmplen], c[tmplen];
data/razercfg-0.42+ds/librazer/librazer.c:1193:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devid[96];
data/razercfg-0.42+ds/librazer/librazer.c:1194:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial_buf[64];
data/razercfg-0.42+ds/librazer/librazer.c:1195:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buspos[16];
data/razercfg-0.42+ds/librazer/librazer.h:533:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idstr[RAZER_IDSTR_MAX_SIZE + 1];
data/razercfg-0.42+ds/librazer/profile_emulation.c:258:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[PROFEMU_NAME_MAX + 1];
data/razercfg-0.42+ds/librazer/synapse.c:126:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/razercfg-0.42+ds/librazer/synapse.c:139:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial[SYNAPSE_SERIAL_MAX_LEN + 1];
data/razercfg-0.42+ds/librazer/synapse.c:347:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(req.payload, payload, payload_len);
data/razercfg-0.42+ds/librazer/synapse.c:390:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(req.payload, payload, payload_len);
data/razercfg-0.42+ds/librazer/synapse.c:402:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(payload, req.payload, payload_len);
data/razercfg-0.42+ds/librazer/synapse.c:550:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->serial, devinfo.serial, SYNAPSE_SERIAL_MAX_LEN);
data/razercfg-0.42+ds/librazer/util.c:181:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, len);
data/razercfg-0.42+ds/librazer/util.c:291:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii[17] = { 0, };
data/razercfg-0.42+ds/razerd/razerd.c:165:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idstr[RAZER_IDSTR_MAX_SIZE];
data/razercfg-0.42+ds/razerd/razerd.c:205:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char led_name[RAZER_LEDNAME_MAX_SIZE];
data/razercfg-0.42+ds/razerd/razerd.c:417:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32] = { 0, };
data/razercfg-0.42+ds/razerd/razerd.c:427:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(cmdargs.pidfile, O_RDWR | O_CREAT | O_TRUNC, 0444);
data/razercfg-0.42+ds/razerd/razerd.c:790:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((uint16_t *)r->string.str)[i], &value, sizeof(value));
data/razercfg-0.42+ds/razerd/razerd.c:941:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[RAZER_IDSTR_MAX_SIZE + 1];
data/razercfg-0.42+ds/razerd/razerd.c:1500:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char asciibuf[64] = { };
data/razercfg-0.42+ds/razerd/razerd.c:2001:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[COMMAND_MAX_SIZE + 1] = { 0, };
data/razercfg-0.42+ds/razerd/razerd.c:2027:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[COMMAND_MAX_SIZE + 1] = { 0, };
data/razercfg-0.42+ds/librazer/config.c:235:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(line);
data/razercfg-0.42+ds/librazer/hw_deathadder_chroma.c:343:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(drv_data->serial, (const char *)cmd.bvalue,
data/razercfg-0.42+ds/librazer/hw_diamondback_chroma.c:365:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(drv_data->serial, (const char *)cmd.bvalue,
data/razercfg-0.42+ds/librazer/hw_mamba_tournament_edition.c:365:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(drv_data->serial, (const char *)cmd.bvalue,
data/razercfg-0.42+ds/librazer/librazer.c:356:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(section) > RAZER_IDSTR_MAX_SIZE) {
data/razercfg-0.42+ds/librazer/librazer.c:529:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(a) || !strlen(b))
data/razercfg-0.42+ds/librazer/librazer.c:529:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(a) || !strlen(b))
data/razercfg-0.42+ds/librazer/librazer.c:531:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(c)) {
data/razercfg-0.42+ds/librazer/librazer.c:593:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(a) || !strlen(b))
data/razercfg-0.42+ds/librazer/librazer.c:593:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(a) || !strlen(b))
data/razercfg-0.42+ds/librazer/librazer.c:595:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(c)) {
data/razercfg-0.42+ds/librazer/librazer.c:656:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(a) || !strlen(b))
data/razercfg-0.42+ds/librazer/librazer.c:656:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(a) || !strlen(b))
data/razercfg-0.42+ds/librazer/librazer.c:658:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(c)) {
data/razercfg-0.42+ds/librazer/librazer.c:1213:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (serial && strlen(serial)) {
data/razercfg-0.42+ds/librazer/librazer.c:1252:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(serial_buf, "0");
data/razercfg-0.42+ds/librazer/librazer.c:1505:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(path)) {
data/razercfg-0.42+ds/librazer/util.c:57:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) >= elems_max_len)
data/razercfg-0.42+ds/librazer/util.c:162:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(start);
data/razercfg-0.42+ds/librazer/util.c:178:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(src);
data/razercfg-0.42+ds/razerd/razerd.c:435:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = write(fd, buf, strlen(buf));
data/razercfg-0.42+ds/razerd/razerd.c:437:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (res < 0 || (size_t)res != strlen(buf)) {
data/razercfg-0.42+ds/razerd/razerd.c:747:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i, len = strlen(str);

ANALYSIS SUMMARY:

Hits = 75
Lines analyzed = 15802 in approximately 0.34 seconds (46691 lines/second)
Physical Source Lines of Code (SLOC) = 12178
Hits@level = [0] 37 [1] 23 [2] 43 [3] 1 [4] 7 [5] 1
Hits@level+ = [0+] 112 [1+] 75 [2+] 52 [3+] 9 [4+] 8 [5+] 1
Hits/KSLOC@level+ = [0+] 9.19691 [1+] 6.15865 [2+] 4.27 [3+] 0.739038 [4+] 0.656922 [5+] 0.0821153
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.