Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rt-app-0.3/libdl/dl_syscalls.c
Examining data/rt-app-0.3/libdl/dl_syscalls.h
Examining data/rt-app-0.3/src/rt-app_parse_config.c
Examining data/rt-app-0.3/src/rt-app_args.c
Examining data/rt-app-0.3/src/rt-app.c
Examining data/rt-app-0.3/src/rt-app.h
Examining data/rt-app-0.3/src/rt-app_args.h
Examining data/rt-app-0.3/src/rt-app_parse_config.h
Examining data/rt-app-0.3/src/rt-app_types.h
Examining data/rt-app-0.3/src/rt-app_utils.c
Examining data/rt-app-0.3/src/rt-app_utils.h
FINAL RESULTS:
data/rt-app-0.3/src/rt-app.c:750:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, ft_data.debugfs);
data/rt-app-0.3/src/rt-app.c:752:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, ft_data.debugfs);
data/rt-app-0.3/src/rt-app_utils.c:284:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(tmp, BUF_SIZE, fmt, ap);
data/rt-app-0.3/src/rt-app_utils.h:55:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(where, LOG_PREFIX level_pfx msg "\n", ##args); \
data/rt-app-0.3/src/rt-app.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_LENGTH];
data/rt-app-0.3/src/rt-app.c:751:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "/tracing/tracing_on");
data/rt-app-0.3/src/rt-app.c:753:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "/tracing/trace_marker");
data/rt-app-0.3/src/rt-app.c:754:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ft_data.marker_fd = open(tmp, O_WRONLY);
data/rt-app-0.3/src/rt-app.c:800:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tdata->log_handler = fopen(tmp, "w");
data/rt-app-0.3/src/rt-app.c:815:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gnuplot_script = fopen(tmp, "w+");
data/rt-app-0.3/src/rt-app.c:849:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gnuplot_script = fopen(tmp, "w+");
data/rt-app-0.3/src/rt-app.c:884:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gnuplot_script = fopen(tmp, "w+");
data/rt-app-0.3/src/rt-app_parse_config.c:208:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
data->res.dev.fd = open(opts->io_device, O_CREAT | O_WRONLY, 0644);
data/rt-app-0.3/src/rt-app_parse_config.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char def_type[RTAPP_RESOURCE_DESCR_LENGTH];
data/rt-app-0.3/src/rt-app_parse_config.c:337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unique_name[22];
data/rt-app-0.3/src/rt-app_parse_config.c:639:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char def_policy[RTAPP_POLICY_DESCR_LENGTH];
data/rt-app-0.3/src/rt-app_parse_config.c:928:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[JSON_FILE_BUF_SIZE];
data/rt-app-0.3/src/rt-app_types.h:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sched_policy_descr[RTAPP_POLICY_DESCR_LENGTH];
data/rt-app-0.3/src/rt-app_utils.c:188:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(policy_name, "SCHED_OTHER");
data/rt-app-0.3/src/rt-app_utils.c:191:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(policy_name, "SCHED_RR");
data/rt-app-0.3/src/rt-app_utils.c:194:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(policy_name, "SCHED_FIFO");
data/rt-app-0.3/src/rt-app_utils.c:198:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(policy_name, "SCHED_DEADLINE");
data/rt-app-0.3/src/rt-app_utils.c:236:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "mutex");
data/rt-app-0.3/src/rt-app_utils.c:239:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "wait");
data/rt-app-0.3/src/rt-app_utils.c:242:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "signal");
data/rt-app-0.3/src/rt-app_utils.c:245:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "broadcast");
data/rt-app-0.3/src/rt-app_utils.c:248:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "sync");
data/rt-app-0.3/src/rt-app_utils.c:251:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "sleep");
data/rt-app-0.3/src/rt-app_utils.c:254:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "run");
data/rt-app-0.3/src/rt-app_utils.c:257:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(resource_name, "timer");
data/rt-app-0.3/src/rt-app_parse_config.c:342:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "run", strlen("run")) ||
data/rt-app-0.3/src/rt-app_parse_config.c:343:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(name, "sleep", strlen("sleep"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:350:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "sleep", strlen("sleep")))
data/rt-app-0.3/src/rt-app_parse_config.c:352:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strncmp(name, "runtime", strlen("runtime")))
data/rt-app-0.3/src/rt-app_parse_config.c:361:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "mem", strlen("mem")) ||
data/rt-app-0.3/src/rt-app_parse_config.c:362:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(name, "iorun", strlen("iorun"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:373:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, "iorun", strlen("iorun")) == 0) {
data/rt-app-0.3/src/rt-app_parse_config.c:378:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "mem", strlen("mem")))
data/rt-app-0.3/src/rt-app_parse_config.c:387:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "lock", strlen("lock")) ||
data/rt-app-0.3/src/rt-app_parse_config.c:388:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(name, "unlock", strlen("unlock"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:398:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "lock", strlen("lock")))
data/rt-app-0.3/src/rt-app_parse_config.c:410:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "signal", strlen("signal")) ||
data/rt-app-0.3/src/rt-app_parse_config.c:411:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(name, "broad", strlen("broad"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:413:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "signal", strlen("signal")))
data/rt-app-0.3/src/rt-app_parse_config.c:433:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "wait", strlen("wait")) ||
data/rt-app-0.3/src/rt-app_parse_config.c:434:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(name, "sync", strlen("sync"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:436:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "wait", strlen("wait")))
data/rt-app-0.3/src/rt-app_parse_config.c:468:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "timer", strlen("timer"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:471:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(tmp, "unique", strlen("unique")))
data/rt-app-0.3/src/rt-app_parse_config.c:494:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(tmp, "absolute", strlen("absolute")))
data/rt-app-0.3/src/rt-app_parse_config.c:502:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "resume", strlen("resume"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:526:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "suspend", strlen("suspend"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:549:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, "yield", strlen("yield"))) {
data/rt-app-0.3/src/rt-app_parse_config.c:592:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(name, event, strlen(event)))
ANALYSIS SUMMARY:
Hits = 54
Lines analyzed = 2904 in approximately 0.09 seconds (31036 lines/second)
Physical Source Lines of Code (SLOC) = 2100
Hits@level = [0] 34 [1] 24 [2] 26 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 88 [1+] 54 [2+] 30 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 41.9048 [1+] 25.7143 [2+] 14.2857 [3+] 1.90476 [4+] 1.90476 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.