Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/skiboot-6.6.2/asm/asm-offsets.c
Examining data/skiboot-6.6.2/ccan/array_size/array_size.h
Examining data/skiboot-6.6.2/ccan/array_size/test/compile_fail-function-param.c
Examining data/skiboot-6.6.2/ccan/array_size/test/compile_fail.c
Examining data/skiboot-6.6.2/ccan/array_size/test/run.c
Examining data/skiboot-6.6.2/ccan/build_assert/build_assert.h
Examining data/skiboot-6.6.2/ccan/build_assert/test/compile_fail-expr.c
Examining data/skiboot-6.6.2/ccan/build_assert/test/compile_fail.c
Examining data/skiboot-6.6.2/ccan/build_assert/test/compile_ok.c
Examining data/skiboot-6.6.2/ccan/build_assert/test/run-BUILD_ASSERT_OR_ZERO.c
Examining data/skiboot-6.6.2/ccan/check_type/check_type.h
Examining data/skiboot-6.6.2/ccan/check_type/test/compile_fail-check_type.c
Examining data/skiboot-6.6.2/ccan/check_type/test/compile_fail-check_type_unsigned.c
Examining data/skiboot-6.6.2/ccan/check_type/test/compile_fail-check_types_match.c
Examining data/skiboot-6.6.2/ccan/check_type/test/run.c
Examining data/skiboot-6.6.2/ccan/config.h
Examining data/skiboot-6.6.2/ccan/container_of/container_of.h
Examining data/skiboot-6.6.2/ccan/container_of/test/compile_fail-bad-type.c
Examining data/skiboot-6.6.2/ccan/container_of/test/compile_fail-types.c
Examining data/skiboot-6.6.2/ccan/container_of/test/compile_fail-var-types.c
Examining data/skiboot-6.6.2/ccan/container_of/test/run.c
Examining data/skiboot-6.6.2/ccan/endian/endian.h
Examining data/skiboot-6.6.2/ccan/endian/test/compile_ok-constant.c
Examining data/skiboot-6.6.2/ccan/endian/test/run.c
Examining data/skiboot-6.6.2/ccan/heap/heap.c
Examining data/skiboot-6.6.2/ccan/heap/heap.h
Examining data/skiboot-6.6.2/ccan/heap/test/run.c
Examining data/skiboot-6.6.2/ccan/list/list.c
Examining data/skiboot-6.6.2/ccan/list/list.h
Examining data/skiboot-6.6.2/ccan/list/test/compile_ok-constant.c
Examining data/skiboot-6.6.2/ccan/list/test/helper.c
Examining data/skiboot-6.6.2/ccan/list/test/helper.h
Examining data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c
Examining data/skiboot-6.6.2/ccan/list/test/run-list_del_from-assert.c
Examining data/skiboot-6.6.2/ccan/list/test/run-single-eval.c
Examining data/skiboot-6.6.2/ccan/list/test/run-with-debug.c
Examining data/skiboot-6.6.2/ccan/list/test/run.c
Examining data/skiboot-6.6.2/ccan/short_types/short_types.h
Examining data/skiboot-6.6.2/ccan/short_types/test/run-endian.c
Examining data/skiboot-6.6.2/ccan/short_types/test/run.c
Examining data/skiboot-6.6.2/ccan/str/str.c
Examining data/skiboot-6.6.2/ccan/str/str.h
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-STR_MAX_CHARS.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isalnum.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isalpha.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isascii.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isblank.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-iscntrl.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isdigit.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-islower.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isprint.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-ispunct.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isspace.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isupper.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-isxdigit.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-strchr.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-strrchr.c
Examining data/skiboot-6.6.2/ccan/str/test/compile_fail-strstr.c
Examining data/skiboot-6.6.2/ccan/str/test/debug.c
Examining data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c
Examining data/skiboot-6.6.2/ccan/str/test/run.c
Examining data/skiboot-6.6.2/ccan/tap/tap.h
Examining data/skiboot-6.6.2/core/affinity.c
Examining data/skiboot-6.6.2/core/bitmap.c
Examining data/skiboot-6.6.2/core/buddy.c
Examining data/skiboot-6.6.2/core/chip.c
Examining data/skiboot-6.6.2/core/console-log.c
Examining data/skiboot-6.6.2/core/console.c
Examining data/skiboot-6.6.2/core/cpu.c
Examining data/skiboot-6.6.2/core/cpufeatures.c
Examining data/skiboot-6.6.2/core/device.c
Examining data/skiboot-6.6.2/core/direct-controls.c
Examining data/skiboot-6.6.2/core/errorlog.c
Examining data/skiboot-6.6.2/core/exceptions.c
Examining data/skiboot-6.6.2/core/fast-reboot.c
Examining data/skiboot-6.6.2/core/fdt.c
Examining data/skiboot-6.6.2/core/flash-firmware-versions.c
Examining data/skiboot-6.6.2/core/flash-subpartition.c
Examining data/skiboot-6.6.2/core/flash.c
Examining data/skiboot-6.6.2/core/gcov-profiling.c
Examining data/skiboot-6.6.2/core/hmi.c
Examining data/skiboot-6.6.2/core/i2c.c
Examining data/skiboot-6.6.2/core/init.c
Examining data/skiboot-6.6.2/core/interrupts.c
Examining data/skiboot-6.6.2/core/ipmi-opal.c
Examining data/skiboot-6.6.2/core/ipmi.c
Examining data/skiboot-6.6.2/core/lock.c
Examining data/skiboot-6.6.2/core/malloc.c
Examining data/skiboot-6.6.2/core/mem_region.c
Examining data/skiboot-6.6.2/core/nvram-format.c
Examining data/skiboot-6.6.2/core/nvram.c
Examining data/skiboot-6.6.2/core/opal-dump.c
Examining data/skiboot-6.6.2/core/opal-msg.c
Examining data/skiboot-6.6.2/core/opal.c
Examining data/skiboot-6.6.2/core/pci-dt-slot.c
Examining data/skiboot-6.6.2/core/pci-opal.c
Examining data/skiboot-6.6.2/core/pci-quirk.c
Examining data/skiboot-6.6.2/core/pci-slot.c
Examining data/skiboot-6.6.2/core/pci-virt.c
Examining data/skiboot-6.6.2/core/pci.c
Examining data/skiboot-6.6.2/core/pcie-slot.c
Examining data/skiboot-6.6.2/core/pel.c
Examining data/skiboot-6.6.2/core/platform.c
Examining data/skiboot-6.6.2/core/pool.c
Examining data/skiboot-6.6.2/core/powercap.c
Examining data/skiboot-6.6.2/core/psr.c
Examining data/skiboot-6.6.2/core/relocate.c
Examining data/skiboot-6.6.2/core/rtc.c
Examining data/skiboot-6.6.2/core/sensor.c
Examining data/skiboot-6.6.2/core/stack.c
Examining data/skiboot-6.6.2/core/test/dummy-cpu.h
Examining data/skiboot-6.6.2/core/test/run-api-test.c
Examining data/skiboot-6.6.2/core/test/run-bitmap.c
Examining data/skiboot-6.6.2/core/test/run-buddy.c
Examining data/skiboot-6.6.2/core/test/run-console-log-buf-overrun.c
Examining data/skiboot-6.6.2/core/test/run-console-log-pr_fmt.c
Examining data/skiboot-6.6.2/core/test/run-console-log.c
Examining data/skiboot-6.6.2/core/test/run-cpufeatures.c
Examining data/skiboot-6.6.2/core/test/run-device.c
Examining data/skiboot-6.6.2/core/test/run-flash-firmware-versions.c
Examining data/skiboot-6.6.2/core/test/run-flash-subpartition.c
Examining data/skiboot-6.6.2/core/test/run-malloc-speed.c
Examining data/skiboot-6.6.2/core/test/run-malloc.c
Examining data/skiboot-6.6.2/core/test/run-mem_range_is_reserved.c
Examining data/skiboot-6.6.2/core/test/run-mem_region.c
Examining data/skiboot-6.6.2/core/test/run-mem_region_init.c
Examining data/skiboot-6.6.2/core/test/run-mem_region_next.c
Examining data/skiboot-6.6.2/core/test/run-mem_region_release_unused.c
Examining data/skiboot-6.6.2/core/test/run-mem_region_release_unused_noalloc.c
Examining data/skiboot-6.6.2/core/test/run-mem_region_reservations.c
Examining data/skiboot-6.6.2/core/test/run-msg.c
Examining data/skiboot-6.6.2/core/test/run-nvram-format.c
Examining data/skiboot-6.6.2/core/test/run-pci-quirk.c
Examining data/skiboot-6.6.2/core/test/run-pel.c
Examining data/skiboot-6.6.2/core/test/run-pool.c
Examining data/skiboot-6.6.2/core/test/run-time-utils.c
Examining data/skiboot-6.6.2/core/test/run-timebase.c
Examining data/skiboot-6.6.2/core/test/run-timer.c
Examining data/skiboot-6.6.2/core/test/run-trace.c
Examining data/skiboot-6.6.2/core/test/stubs.c
Examining data/skiboot-6.6.2/core/time-utils.c
Examining data/skiboot-6.6.2/core/timebase.c
Examining data/skiboot-6.6.2/core/timer.c
Examining data/skiboot-6.6.2/core/trace.c
Examining data/skiboot-6.6.2/core/utils.c
Examining data/skiboot-6.6.2/core/vpd.c
Examining data/skiboot-6.6.2/coverity-model.c
Examining data/skiboot-6.6.2/external/common/arch_flash.h
Examining data/skiboot-6.6.2/external/common/arch_flash_arm.c
Examining data/skiboot-6.6.2/external/common/arch_flash_arm_io.h
Examining data/skiboot-6.6.2/external/common/arch_flash_common.c
Examining data/skiboot-6.6.2/external/common/arch_flash_powerpc.c
Examining data/skiboot-6.6.2/external/common/arch_flash_powerpc_io.h
Examining data/skiboot-6.6.2/external/common/arch_flash_unknown.c
Examining data/skiboot-6.6.2/external/common/arch_flash_unknown_io.h
Examining data/skiboot-6.6.2/external/ffspart/config.h
Examining data/skiboot-6.6.2/external/ffspart/ffspart.c
Examining data/skiboot-6.6.2/external/gard/config.h
Examining data/skiboot-6.6.2/external/gard/gard.c
Examining data/skiboot-6.6.2/external/gard/gard.h
Examining data/skiboot-6.6.2/external/gard/units.c
Examining data/skiboot-6.6.2/external/lpc/lpc.c
Examining data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c
Examining data/skiboot-6.6.2/external/memboot/memboot.c
Examining data/skiboot-6.6.2/external/opal-prd/config.h
Examining data/skiboot-6.6.2/external/opal-prd/hostboot-interface.h
Examining data/skiboot-6.6.2/external/opal-prd/i2c.c
Examining data/skiboot-6.6.2/external/opal-prd/i2c.h
Examining data/skiboot-6.6.2/external/opal-prd/module.c
Examining data/skiboot-6.6.2/external/opal-prd/module.h
Examining data/skiboot-6.6.2/external/opal-prd/opal-prd.c
Examining data/skiboot-6.6.2/external/opal-prd/opal-prd.h
Examining data/skiboot-6.6.2/external/opal-prd/pnor.c
Examining data/skiboot-6.6.2/external/opal-prd/pnor.h
Examining data/skiboot-6.6.2/external/opal-prd/test/test_pnor.c
Examining data/skiboot-6.6.2/external/opal-prd/test/test_pnor_ops.c
Examining data/skiboot-6.6.2/external/pflash/config.h
Examining data/skiboot-6.6.2/external/pflash/pflash.c
Examining data/skiboot-6.6.2/external/pflash/progress.c
Examining data/skiboot-6.6.2/external/pflash/progress.h
Examining data/skiboot-6.6.2/external/shared/config.h
Examining data/skiboot-6.6.2/external/trace/dump_trace.c
Examining data/skiboot-6.6.2/external/trace/trace.c
Examining data/skiboot-6.6.2/external/trace/trace.h
Examining data/skiboot-6.6.2/external/xscom-utils/getscom.c
Examining data/skiboot-6.6.2/external/xscom-utils/getsram.c
Examining data/skiboot-6.6.2/external/xscom-utils/putscom.c
Examining data/skiboot-6.6.2/external/xscom-utils/sram.c
Examining data/skiboot-6.6.2/external/xscom-utils/sram.h
Examining data/skiboot-6.6.2/external/xscom-utils/xscom.c
Examining data/skiboot-6.6.2/external/xscom-utils/xscom.h
Examining data/skiboot-6.6.2/extract-gcov.c
Examining data/skiboot-6.6.2/hdata/cpu-common.c
Examining data/skiboot-6.6.2/hdata/fsp.c
Examining data/skiboot-6.6.2/hdata/hdata.h
Examining data/skiboot-6.6.2/hdata/hdif.c
Examining data/skiboot-6.6.2/hdata/hdif.h
Examining data/skiboot-6.6.2/hdata/hostservices.c
Examining data/skiboot-6.6.2/hdata/i2c.c
Examining data/skiboot-6.6.2/hdata/iohub.c
Examining data/skiboot-6.6.2/hdata/memory.c
Examining data/skiboot-6.6.2/hdata/naca.c
Examining data/skiboot-6.6.2/hdata/naca.h
Examining data/skiboot-6.6.2/hdata/pcia.c
Examining data/skiboot-6.6.2/hdata/slca.c
Examining data/skiboot-6.6.2/hdata/spira.c
Examining data/skiboot-6.6.2/hdata/spira.h
Examining data/skiboot-6.6.2/hdata/test/hdata_to_dt.c
Examining data/skiboot-6.6.2/hdata/test/stubs.c
Examining data/skiboot-6.6.2/hdata/tpmrel.c
Examining data/skiboot-6.6.2/hdata/vpd-common.c
Examining data/skiboot-6.6.2/hdata/vpd.c
Examining data/skiboot-6.6.2/hw/ast-bmc/ast-io.c
Examining data/skiboot-6.6.2/hw/ast-bmc/ast-sf-ctrl.c
Examining data/skiboot-6.6.2/hw/bt.c
Examining data/skiboot-6.6.2/hw/cache-p9.c
Examining data/skiboot-6.6.2/hw/capp.c
Examining data/skiboot-6.6.2/hw/centaur.c
Examining data/skiboot-6.6.2/hw/chiptod.c
Examining data/skiboot-6.6.2/hw/dio-p9.c
Examining data/skiboot-6.6.2/hw/dts.c
Examining data/skiboot-6.6.2/hw/fake-nvram.c
Examining data/skiboot-6.6.2/hw/fake-rtc.c
Examining data/skiboot-6.6.2/hw/fsi-master.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-attn.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-chiptod.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h
Examining data/skiboot-6.6.2/hw/fsp/fsp-console.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-diag.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-dpo.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-dump.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-elog-read.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-elog-write.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-epow.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-epow.h
Examining data/skiboot-6.6.2/hw/fsp/fsp-ipmi.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-leds.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-mem-err.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-nvram.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-occ.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-op-panel.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-psi.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-rtc.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-sensor.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-surveillance.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-sysdump.c
Examining data/skiboot-6.6.2/hw/fsp/fsp-sysparam.c
Examining data/skiboot-6.6.2/hw/fsp/fsp.c
Examining data/skiboot-6.6.2/hw/homer.c
Examining data/skiboot-6.6.2/hw/imc.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-attn.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-info.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-power.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-rtc.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-sensor.c
Examining data/skiboot-6.6.2/hw/ipmi/ipmi-watchdog.c
Examining data/skiboot-6.6.2/hw/ipmi/test/run-fru.c
Examining data/skiboot-6.6.2/hw/lpc-mbox.c
Examining data/skiboot-6.6.2/hw/lpc-port80h.c
Examining data/skiboot-6.6.2/hw/lpc-rtc.c
Examining data/skiboot-6.6.2/hw/lpc-uart.c
Examining data/skiboot-6.6.2/hw/lpc.c
Examining data/skiboot-6.6.2/hw/npu-hw-procedures.c
Examining data/skiboot-6.6.2/hw/npu-opal.c
Examining data/skiboot-6.6.2/hw/npu.c
Examining data/skiboot-6.6.2/hw/npu2-common.c
Examining data/skiboot-6.6.2/hw/npu2-hw-procedures.c
Examining data/skiboot-6.6.2/hw/npu2-opencapi.c
Examining data/skiboot-6.6.2/hw/npu2.c
Examining data/skiboot-6.6.2/hw/npu3-hw-procedures.c
Examining data/skiboot-6.6.2/hw/npu3-nvlink.c
Examining data/skiboot-6.6.2/hw/npu3.c
Examining data/skiboot-6.6.2/hw/nx-842.c
Examining data/skiboot-6.6.2/hw/nx-compress.c
Examining data/skiboot-6.6.2/hw/nx-crypto.c
Examining data/skiboot-6.6.2/hw/nx-gzip.c
Examining data/skiboot-6.6.2/hw/nx-rng.c
Examining data/skiboot-6.6.2/hw/nx.c
Examining data/skiboot-6.6.2/hw/occ-sensor.c
Examining data/skiboot-6.6.2/hw/occ.c
Examining data/skiboot-6.6.2/hw/ocmb.c
Examining data/skiboot-6.6.2/hw/p8-i2c.c
Examining data/skiboot-6.6.2/hw/phb3.c
Examining data/skiboot-6.6.2/hw/phb4.c
Examining data/skiboot-6.6.2/hw/phys-map.c
Examining data/skiboot-6.6.2/hw/prd.c
Examining data/skiboot-6.6.2/hw/psi.c
Examining data/skiboot-6.6.2/hw/sbe-p8.c
Examining data/skiboot-6.6.2/hw/sbe-p9.c
Examining data/skiboot-6.6.2/hw/sfc-ctrl.c
Examining data/skiboot-6.6.2/hw/slw.c
Examining data/skiboot-6.6.2/hw/test/phys-map-test.c
Examining data/skiboot-6.6.2/hw/test/run-port80h.c
Examining data/skiboot-6.6.2/hw/vas.c
Examining data/skiboot-6.6.2/hw/xive.c
Examining data/skiboot-6.6.2/hw/xscom.c
Examining data/skiboot-6.6.2/include/affinity.h
Examining data/skiboot-6.6.2/include/asm-utils.h
Examining data/skiboot-6.6.2/include/ast.h
Examining data/skiboot-6.6.2/include/bitmap.h
Examining data/skiboot-6.6.2/include/bitutils.h
Examining data/skiboot-6.6.2/include/bt.h
Examining data/skiboot-6.6.2/include/buddy.h
Examining data/skiboot-6.6.2/include/cache-p9.h
Examining data/skiboot-6.6.2/include/capp.h
Examining data/skiboot-6.6.2/include/cec.h
Examining data/skiboot-6.6.2/include/centaur.h
Examining data/skiboot-6.6.2/include/chip.h
Examining data/skiboot-6.6.2/include/chiptod.h
Examining data/skiboot-6.6.2/include/cmpxchg.h
Examining data/skiboot-6.6.2/include/compiler.h
Examining data/skiboot-6.6.2/include/config.h
Examining data/skiboot-6.6.2/include/console.h
Examining data/skiboot-6.6.2/include/cpu.h
Examining data/skiboot-6.6.2/include/debug_descriptor.h
Examining data/skiboot-6.6.2/include/device.h
Examining data/skiboot-6.6.2/include/dio-p9.h
Examining data/skiboot-6.6.2/include/direct-controls.h
Examining data/skiboot-6.6.2/include/dts.h
Examining data/skiboot-6.6.2/include/elf-abi.h
Examining data/skiboot-6.6.2/include/elf.h
Examining data/skiboot-6.6.2/include/errorlog.h
Examining data/skiboot-6.6.2/include/fsi-master.h
Examining data/skiboot-6.6.2/include/fsp-attn.h
Examining data/skiboot-6.6.2/include/fsp-elog.h
Examining data/skiboot-6.6.2/include/fsp-leds.h
Examining data/skiboot-6.6.2/include/fsp-sysparam.h
Examining data/skiboot-6.6.2/include/fsp.h
Examining data/skiboot-6.6.2/include/hiomap.h
Examining data/skiboot-6.6.2/include/hostservices.h
Examining data/skiboot-6.6.2/include/i2c.h
Examining data/skiboot-6.6.2/include/imc.h
Examining data/skiboot-6.6.2/include/interrupts.h
Examining data/skiboot-6.6.2/include/inttypes.h
Examining data/skiboot-6.6.2/include/io.h
Examining data/skiboot-6.6.2/include/ipmi.h
Examining data/skiboot-6.6.2/include/lock.h
Examining data/skiboot-6.6.2/include/lpc-mbox.h
Examining data/skiboot-6.6.2/include/lpc.h
Examining data/skiboot-6.6.2/include/mem-map.h
Examining data/skiboot-6.6.2/include/mem_region-malloc.h
Examining data/skiboot-6.6.2/include/mem_region.h
Examining data/skiboot-6.6.2/include/npu-regs.h
Examining data/skiboot-6.6.2/include/npu.h
Examining data/skiboot-6.6.2/include/npu2-regs.h
Examining data/skiboot-6.6.2/include/npu2.h
Examining data/skiboot-6.6.2/include/npu3-regs.h
Examining data/skiboot-6.6.2/include/npu3.h
Examining data/skiboot-6.6.2/include/nvram.h
Examining data/skiboot-6.6.2/include/nx.h
Examining data/skiboot-6.6.2/include/occ.h
Examining data/skiboot-6.6.2/include/ocmb.h
Examining data/skiboot-6.6.2/include/op-panel.h
Examining data/skiboot-6.6.2/include/opal-api.h
Examining data/skiboot-6.6.2/include/opal-dump.h
Examining data/skiboot-6.6.2/include/opal-internal.h
Examining data/skiboot-6.6.2/include/opal-msg.h
Examining data/skiboot-6.6.2/include/opal.h
Examining data/skiboot-6.6.2/include/p9_stop_api.H
Examining data/skiboot-6.6.2/include/pci-cfg.h
Examining data/skiboot-6.6.2/include/pci-quirk.h
Examining data/skiboot-6.6.2/include/pci-slot.h
Examining data/skiboot-6.6.2/include/pci-virt.h
Examining data/skiboot-6.6.2/include/pci.h
Examining data/skiboot-6.6.2/include/pel.h
Examining data/skiboot-6.6.2/include/phb3-capp.h
Examining data/skiboot-6.6.2/include/phb3-regs.h
Examining data/skiboot-6.6.2/include/phb3.h
Examining data/skiboot-6.6.2/include/phb4-capp.h
Examining data/skiboot-6.6.2/include/phb4-regs.h
Examining data/skiboot-6.6.2/include/phb4.h
Examining data/skiboot-6.6.2/include/phys-map.h
Examining data/skiboot-6.6.2/include/platform.h
Examining data/skiboot-6.6.2/include/pool.h
Examining data/skiboot-6.6.2/include/powercap.h
Examining data/skiboot-6.6.2/include/prd-fw-msg.h
Examining data/skiboot-6.6.2/include/processor.h
Examining data/skiboot-6.6.2/include/psi.h
Examining data/skiboot-6.6.2/include/psr.h
Examining data/skiboot-6.6.2/include/rtc.h
Examining data/skiboot-6.6.2/include/sbe-p8.h
Examining data/skiboot-6.6.2/include/sbe-p9.h
Examining data/skiboot-6.6.2/include/secvar.h
Examining data/skiboot-6.6.2/include/sensor.h
Examining data/skiboot-6.6.2/include/sfc-ctrl.h
Examining data/skiboot-6.6.2/include/skiboot-valgrind.h
Examining data/skiboot-6.6.2/include/skiboot.h
Examining data/skiboot-6.6.2/include/spcn.h
Examining data/skiboot-6.6.2/include/stack.h
Examining data/skiboot-6.6.2/include/time-utils.h
Examining data/skiboot-6.6.2/include/timebase.h
Examining data/skiboot-6.6.2/include/timer.h
Examining data/skiboot-6.6.2/include/trace.h
Examining data/skiboot-6.6.2/include/trace_types.h
Examining data/skiboot-6.6.2/include/types.h
Examining data/skiboot-6.6.2/include/vas.h
Examining data/skiboot-6.6.2/include/vpd.h
Examining data/skiboot-6.6.2/include/xive-p9-regs.h
Examining data/skiboot-6.6.2/include/xive-regs.h
Examining data/skiboot-6.6.2/include/xive.h
Examining data/skiboot-6.6.2/include/xscom-p8-regs.h
Examining data/skiboot-6.6.2/include/xscom-p9-regs.h
Examining data/skiboot-6.6.2/include/xscom.h
Examining data/skiboot-6.6.2/libc/ctype/isdigit.c
Examining data/skiboot-6.6.2/libc/ctype/isprint.c
Examining data/skiboot-6.6.2/libc/ctype/isspace.c
Examining data/skiboot-6.6.2/libc/ctype/isxdigit.c
Examining data/skiboot-6.6.2/libc/ctype/tolower.c
Examining data/skiboot-6.6.2/libc/ctype/toupper.c
Examining data/skiboot-6.6.2/libc/include/assert.h
Examining data/skiboot-6.6.2/libc/include/ctype.h
Examining data/skiboot-6.6.2/libc/include/errno.h
Examining data/skiboot-6.6.2/libc/include/getopt.h
Examining data/skiboot-6.6.2/libc/include/limits.h
Examining data/skiboot-6.6.2/libc/include/stdint.h
Examining data/skiboot-6.6.2/libc/include/stdio.h
Examining data/skiboot-6.6.2/libc/include/stdlib.h
Examining data/skiboot-6.6.2/libc/include/string.h
Examining data/skiboot-6.6.2/libc/include/time.h
Examining data/skiboot-6.6.2/libc/include/unistd.h
Examining data/skiboot-6.6.2/libc/stdio/fileno.c
Examining data/skiboot-6.6.2/libc/stdio/fprintf.c
Examining data/skiboot-6.6.2/libc/stdio/fputc.c
Examining data/skiboot-6.6.2/libc/stdio/fputs.c
Examining data/skiboot-6.6.2/libc/stdio/putchar.c
Examining data/skiboot-6.6.2/libc/stdio/puts.c
Examining data/skiboot-6.6.2/libc/stdio/setvbuf.c
Examining data/skiboot-6.6.2/libc/stdio/snprintf.c
Examining data/skiboot-6.6.2/libc/stdio/stdchnls.c
Examining data/skiboot-6.6.2/libc/stdio/vfprintf.c
Examining data/skiboot-6.6.2/libc/stdio/vsnprintf.c
Examining data/skiboot-6.6.2/libc/stdlib/atoi.c
Examining data/skiboot-6.6.2/libc/stdlib/atol.c
Examining data/skiboot-6.6.2/libc/stdlib/error.c
Examining data/skiboot-6.6.2/libc/stdlib/labs.c
Examining data/skiboot-6.6.2/libc/stdlib/rand.c
Examining data/skiboot-6.6.2/libc/stdlib/strtol.c
Examining data/skiboot-6.6.2/libc/stdlib/strtoul.c
Examining data/skiboot-6.6.2/libc/string/memchr.c
Examining data/skiboot-6.6.2/libc/string/memcmp.c
Examining data/skiboot-6.6.2/libc/string/memcpy.c
Examining data/skiboot-6.6.2/libc/string/memcpy_from_ci.c
Examining data/skiboot-6.6.2/libc/string/memmove.c
Examining data/skiboot-6.6.2/libc/string/memset.c
Examining data/skiboot-6.6.2/libc/string/strcasecmp.c
Examining data/skiboot-6.6.2/libc/string/strcat.c
Examining data/skiboot-6.6.2/libc/string/strchr.c
Examining data/skiboot-6.6.2/libc/string/strcmp.c
Examining data/skiboot-6.6.2/libc/string/strcpy.c
Examining data/skiboot-6.6.2/libc/string/strdup.c
Examining data/skiboot-6.6.2/libc/string/strlen.c
Examining data/skiboot-6.6.2/libc/string/strncasecmp.c
Examining data/skiboot-6.6.2/libc/string/strncmp.c
Examining data/skiboot-6.6.2/libc/string/strncpy.c
Examining data/skiboot-6.6.2/libc/string/strrchr.c
Examining data/skiboot-6.6.2/libc/string/strstr.c
Examining data/skiboot-6.6.2/libc/string/strtok.c
Examining data/skiboot-6.6.2/libc/test/run-ctype-test.c
Examining data/skiboot-6.6.2/libc/test/run-ctype.c
Examining data/skiboot-6.6.2/libc/test/run-memops-test.c
Examining data/skiboot-6.6.2/libc/test/run-memops.c
Examining data/skiboot-6.6.2/libc/test/run-snprintf-test.c
Examining data/skiboot-6.6.2/libc/test/run-snprintf.c
Examining data/skiboot-6.6.2/libc/test/run-stdlib-test.c
Examining data/skiboot-6.6.2/libc/test/run-stdlib.c
Examining data/skiboot-6.6.2/libc/test/run-time.c
Examining data/skiboot-6.6.2/libc/time.c
Examining data/skiboot-6.6.2/libfdt/fdt.c
Examining data/skiboot-6.6.2/libfdt/fdt.h
Examining data/skiboot-6.6.2/libfdt/fdt_addresses.c
Examining data/skiboot-6.6.2/libfdt/fdt_empty_tree.c
Examining data/skiboot-6.6.2/libfdt/fdt_overlay.c
Examining data/skiboot-6.6.2/libfdt/fdt_ro.c
Examining data/skiboot-6.6.2/libfdt/fdt_rw.c
Examining data/skiboot-6.6.2/libfdt/fdt_strerror.c
Examining data/skiboot-6.6.2/libfdt/fdt_sw.c
Examining data/skiboot-6.6.2/libfdt/fdt_wip.c
Examining data/skiboot-6.6.2/libfdt/libfdt.h
Examining data/skiboot-6.6.2/libfdt/libfdt_env.h
Examining data/skiboot-6.6.2/libfdt/libfdt_internal.h
Examining data/skiboot-6.6.2/libflash/blocklevel.c
Examining data/skiboot-6.6.2/libflash/blocklevel.h
Examining data/skiboot-6.6.2/libflash/ecc.c
Examining data/skiboot-6.6.2/libflash/ecc.h
Examining data/skiboot-6.6.2/libflash/errors.h
Examining data/skiboot-6.6.2/libflash/ffs.h
Examining data/skiboot-6.6.2/libflash/file.c
Examining data/skiboot-6.6.2/libflash/file.h
Examining data/skiboot-6.6.2/libflash/ipmi-hiomap.c
Examining data/skiboot-6.6.2/libflash/ipmi-hiomap.h
Examining data/skiboot-6.6.2/libflash/libffs.c
Examining data/skiboot-6.6.2/libflash/libffs.h
Examining data/skiboot-6.6.2/libflash/libflash-priv.h
Examining data/skiboot-6.6.2/libflash/libflash.c
Examining data/skiboot-6.6.2/libflash/libflash.h
Examining data/skiboot-6.6.2/libflash/mbox-flash.c
Examining data/skiboot-6.6.2/libflash/mbox-flash.h
Examining data/skiboot-6.6.2/libflash/test/mbox-server.c
Examining data/skiboot-6.6.2/libflash/test/mbox-server.h
Examining data/skiboot-6.6.2/libflash/test/stubs.c
Examining data/skiboot-6.6.2/libflash/test/stubs.h
Examining data/skiboot-6.6.2/libflash/test/test-blocklevel.c
Examining data/skiboot-6.6.2/libflash/test/test-ecc.c
Examining data/skiboot-6.6.2/libflash/test/test-flash.c
Examining data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c
Examining data/skiboot-6.6.2/libflash/test/test-mbox.c
Examining data/skiboot-6.6.2/libpore/fapi_sbe_common.H
Examining data/skiboot-6.6.2/libpore/p8_delta_scan_rw.h
Examining data/skiboot-6.6.2/libpore/p8_image_help_base.H
Examining data/skiboot-6.6.2/libpore/p8_pore_api_custom.h
Examining data/skiboot-6.6.2/libpore/p8_pore_table_gen_api.H
Examining data/skiboot-6.6.2/libpore/p8_pore_table_gen_api_fixed.C
Examining data/skiboot-6.6.2/libpore/p8_pore_table_static_data.c
Examining data/skiboot-6.6.2/libpore/p9_cpu_reg_restore_instruction.H
Examining data/skiboot-6.6.2/libpore/p9_hcd_header_defs.H
Examining data/skiboot-6.6.2/libpore/p9_hcd_memmap_base.H
Examining data/skiboot-6.6.2/libpore/p9_stop_api.C
Examining data/skiboot-6.6.2/libpore/p9_stop_api.H
Examining data/skiboot-6.6.2/libpore/p9_stop_data_struct.H
Examining data/skiboot-6.6.2/libpore/p9_stop_util.C
Examining data/skiboot-6.6.2/libpore/p9_stop_util.H
Examining data/skiboot-6.6.2/libpore/pgas.h
Examining data/skiboot-6.6.2/libpore/pore_inline.h
Examining data/skiboot-6.6.2/libpore/pore_inline_assembler.c
Examining data/skiboot-6.6.2/libpore/sbe_xip_image.c
Examining data/skiboot-6.6.2/libpore/sbe_xip_image.h
Examining data/skiboot-6.6.2/libstb/container-utils.c
Examining data/skiboot-6.6.2/libstb/container-utils.h
Examining data/skiboot-6.6.2/libstb/container.c
Examining data/skiboot-6.6.2/libstb/container.h
Examining data/skiboot-6.6.2/libstb/create-container.c
Examining data/skiboot-6.6.2/libstb/cvc.c
Examining data/skiboot-6.6.2/libstb/cvc.h
Examining data/skiboot-6.6.2/libstb/drivers/tpm_i2c_interface.c
Examining data/skiboot-6.6.2/libstb/drivers/tpm_i2c_interface.h
Examining data/skiboot-6.6.2/libstb/drivers/tpm_i2c_nuvoton.c
Examining data/skiboot-6.6.2/libstb/drivers/tpm_i2c_nuvoton.h
Examining data/skiboot-6.6.2/libstb/mbedtls/sha512.c
Examining data/skiboot-6.6.2/libstb/mbedtls/sha512.h
Examining data/skiboot-6.6.2/libstb/print-container.c
Examining data/skiboot-6.6.2/libstb/secureboot.c
Examining data/skiboot-6.6.2/libstb/secureboot.h
Examining data/skiboot-6.6.2/libstb/secvar/secvar.h
Examining data/skiboot-6.6.2/libstb/secvar/secvar_api.c
Examining data/skiboot-6.6.2/libstb/secvar/secvar_devtree.c
Examining data/skiboot-6.6.2/libstb/secvar/secvar_devtree.h
Examining data/skiboot-6.6.2/libstb/secvar/secvar_main.c
Examining data/skiboot-6.6.2/libstb/secvar/secvar_util.c
Examining data/skiboot-6.6.2/libstb/secvar/test/secvar-test-enqueue.c
Examining data/skiboot-6.6.2/libstb/secvar/test/secvar-test-getvar.c
Examining data/skiboot-6.6.2/libstb/secvar/test/secvar-test-nextvar.c
Examining data/skiboot-6.6.2/libstb/secvar/test/secvar-test-void.c
Examining data/skiboot-6.6.2/libstb/secvar/test/secvar_api_test.c
Examining data/skiboot-6.6.2/libstb/secvar/test/secvar_common_test.c
Examining data/skiboot-6.6.2/libstb/status_codes.h
Examining data/skiboot-6.6.2/libstb/test/run-stb-container.c
Examining data/skiboot-6.6.2/libstb/tpm_chip.c
Examining data/skiboot-6.6.2/libstb/tpm_chip.h
Examining data/skiboot-6.6.2/libstb/trustedboot.c
Examining data/skiboot-6.6.2/libstb/trustedboot.h
Examining data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C
Examining data/skiboot-6.6.2/libstb/tss/tpmLogMgr.H
Examining data/skiboot-6.6.2/libstb/tss/trustedTypes.C
Examining data/skiboot-6.6.2/libstb/tss/trustedTypes.H
Examining data/skiboot-6.6.2/libstb/tss/trustedboot.H
Examining data/skiboot-6.6.2/libstb/tss/trustedbootCmds.C
Examining data/skiboot-6.6.2/libstb/tss/trustedbootCmds.H
Examining data/skiboot-6.6.2/libstb/tss/trustedbootUtils.C
Examining data/skiboot-6.6.2/libstb/tss/trustedbootUtils.H
Examining data/skiboot-6.6.2/libstb/tss/trustedboot_reasoncodes.H
Examining data/skiboot-6.6.2/libxz/xz.h
Examining data/skiboot-6.6.2/libxz/xz_config.h
Examining data/skiboot-6.6.2/libxz/xz_crc32.c
Examining data/skiboot-6.6.2/libxz/xz_dec_lzma2.c
Examining data/skiboot-6.6.2/libxz/xz_dec_stream.c
Examining data/skiboot-6.6.2/libxz/xz_lzma2.h
Examining data/skiboot-6.6.2/libxz/xz_private.h
Examining data/skiboot-6.6.2/libxz/xz_stream.h
Examining data/skiboot-6.6.2/platforms/astbmc/astbmc.h
Examining data/skiboot-6.6.2/platforms/astbmc/barreleye.c
Examining data/skiboot-6.6.2/platforms/astbmc/blackbird.c
Examining data/skiboot-6.6.2/platforms/astbmc/common.c
Examining data/skiboot-6.6.2/platforms/astbmc/firestone.c
Examining data/skiboot-6.6.2/platforms/astbmc/garrison.c
Examining data/skiboot-6.6.2/platforms/astbmc/habanero.c
Examining data/skiboot-6.6.2/platforms/astbmc/mihawk.c
Examining data/skiboot-6.6.2/platforms/astbmc/nicole.c
Examining data/skiboot-6.6.2/platforms/astbmc/p8dnu.c
Examining data/skiboot-6.6.2/platforms/astbmc/p8dtu.c
Examining data/skiboot-6.6.2/platforms/astbmc/p9dsu.c
Examining data/skiboot-6.6.2/platforms/astbmc/palmetto.c
Examining data/skiboot-6.6.2/platforms/astbmc/pnor.c
Examining data/skiboot-6.6.2/platforms/astbmc/romulus.c
Examining data/skiboot-6.6.2/platforms/astbmc/slots.c
Examining data/skiboot-6.6.2/platforms/astbmc/swift.c
Examining data/skiboot-6.6.2/platforms/astbmc/talos.c
Examining data/skiboot-6.6.2/platforms/astbmc/vesnin.c
Examining data/skiboot-6.6.2/platforms/astbmc/witherspoon.c
Examining data/skiboot-6.6.2/platforms/astbmc/zaius.c
Examining data/skiboot-6.6.2/platforms/ibm-fsp/common.c
Examining data/skiboot-6.6.2/platforms/ibm-fsp/firenze-pci.c
Examining data/skiboot-6.6.2/platforms/ibm-fsp/firenze.c
Examining data/skiboot-6.6.2/platforms/ibm-fsp/fsp-vpd.c
Examining data/skiboot-6.6.2/platforms/ibm-fsp/hostservices.c
Examining data/skiboot-6.6.2/platforms/ibm-fsp/ibm-fsp.h
Examining data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c
Examining data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.h
Examining data/skiboot-6.6.2/platforms/ibm-fsp/zz.c
Examining data/skiboot-6.6.2/platforms/mambo/console.c
Examining data/skiboot-6.6.2/platforms/mambo/mambo.c
Examining data/skiboot-6.6.2/platforms/mambo/mambo.h
Examining data/skiboot-6.6.2/platforms/qemu/qemu.c
Examining data/skiboot-6.6.2/platforms/rhesus/ec/config.h
Examining data/skiboot-6.6.2/platforms/rhesus/ec/gpio.h
Examining data/skiboot-6.6.2/platforms/rhesus/gpio.c
Examining data/skiboot-6.6.2/platforms/rhesus/rhesus.c
Examining data/skiboot-6.6.2/test/dt_common.c
FINAL RESULTS:
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:120:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
rc = readlink(dev_path, fdt_node_path_tmp, sizeof(fdt_node_path_tmp) - 1);
data/skiboot-6.6.2/libflash/file.c:199:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(path, lpath, st.st_size +1);
data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c:12:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fprintf my_fprintf
data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c:23:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(printf_buffer, sizeof(printf_buffer), format, ap);
data/skiboot-6.6.2/ccan/str/test/run.c:37:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strings[n++], "%s%s",
data/skiboot-6.6.2/core/buddy.c:15:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define BUDDY_NOISE(fmt...) printf(fmt)
data/skiboot-6.6.2/core/console-log.c:37:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count+= vsnprintf(buffer+count, sizeof(buffer)-count, fmt, ap);
data/skiboot-6.6.2/core/device.c:195:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(addr_str, sizeof(addr_str), "%" PRIx64, addr);
data/skiboot-6.6.2/core/device.c:574:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, sstr);
data/skiboot-6.6.2/core/errorlog.c:180:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(err_msg, sizeof(err_msg), fmt, list);
data/skiboot-6.6.2/core/errorlog.c:196:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(err_msg, sizeof(err_msg), fmt, list);
data/skiboot-6.6.2/core/exceptions.c:112:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l += snprintf(buf + l, EXCEPTION_MAX_STR - l, " MSR "REG, msr);
data/skiboot-6.6.2/core/exceptions.c:129:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l += snprintf(buf + l, EXCEPTION_MAX_STR - l, " MSR "REG, msr);
data/skiboot-6.6.2/core/interrupts.c:228:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(names + tns, name);
data/skiboot-6.6.2/core/mem_region.c:1099:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rname, NODE_REGION_PREFIX);
data/skiboot-6.6.2/core/mem_region.c:1100:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rname, i->name);
data/skiboot-6.6.2/core/nvram-format.c:66:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(h->name, NVRAM_NAME_FW_PRIV);
data/skiboot-6.6.2/core/nvram-format.c:80:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(h->name, NVRAM_NAME_COMMON);
data/skiboot-6.6.2/core/test/run-console-log.c:14:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _printf printf
data/skiboot-6.6.2/core/test/stubs.c:15:97: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void _prlog(int log_level __attribute__((unused)), const char* fmt, ...) __attribute__((format (printf, 2, 3)));
data/skiboot-6.6.2/core/test/stubs.c:27:9: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/skiboot-6.6.2/external/common/arch_flash.h:32:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum flash_access access);
data/skiboot-6.6.2/external/common/arch_flash_arm.c:34:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum flash_access access;
data/skiboot-6.6.2/external/common/arch_flash_arm.c:147:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static int open_devs(enum flash_access access)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:149:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != BMC_DIRECT && access != PNOR_DIRECT)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:149:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != BMC_DIRECT && access != PNOR_DIRECT)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:181:64: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static struct blocklevel_device *flash_setup(enum flash_access access)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:187:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != BMC_DIRECT && access != PNOR_DIRECT)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:187:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != BMC_DIRECT && access != PNOR_DIRECT)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:191:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
rc = open_devs(access);
data/skiboot-6.6.2/external/common/arch_flash_arm.c:228:44: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static char *get_dev_mtd(enum flash_access access)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:234:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != BMC_MTD && access != PNOR_MTD)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:234:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != BMC_MTD && access != PNOR_MTD)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:268:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum flash_access access)
data/skiboot-6.6.2/external/common/arch_flash_arm.c:274:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
arch_data.access = access;
data/skiboot-6.6.2/external/common/arch_flash_arm.c:275:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access;
data/skiboot-6.6.2/external/common/arch_flash_arm.c:282:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return arch_data.flash_chip ? arch_data.access : ACCESS_INVAL;
data/skiboot-6.6.2/external/common/arch_flash_arm.c:347:35: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mtd_dev = get_dev_mtd(arch_data.access);
data/skiboot-6.6.2/external/common/arch_flash_arm.c:354:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
new_bl = flash_setup(arch_data.access);
data/skiboot-6.6.2/external/common/arch_flash_common.c:38:113: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum flash_access __attribute__((weak,const)) arch_flash_access(struct blocklevel_device *bl, enum flash_access access)
data/skiboot-6.6.2/external/common/arch_flash_common.c:41:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
(void)access;
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:208:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum flash_access access)
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:212:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != PNOR_MTD)
data/skiboot-6.6.2/external/gard/gard.c:253:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
offset += sprintf(buffer + offset, "/%s%d",
data/skiboot-6.6.2/external/gard/gard.c:796:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access(FDT_FSP_NODE, F_OK) == 0;
data/skiboot-6.6.2/external/gard/gard.c:913:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(VPNOR_GARD_FILE" is missing. Nothing to do\n");
data/skiboot-6.6.2/external/lpc/lpc.c:77:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(path, 255, SYSFS_PREFIX "/%s", argv[1]);
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:302:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "mysim bogus socket init %i client %s %i poll 0",
data/skiboot-6.6.2/external/opal-prd/i2c.c:228:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dpath, SYSFS "/class/i2c-dev/%s/name", devent->d_name);
data/skiboot-6.6.2/external/opal-prd/module.c:24:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("modprobe", "modprobe", module, NULL);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:191:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:263:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK))
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1901:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, runcmd_output);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:2083:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path, opal_prd_socket);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:2275:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path, opal_prd_socket);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:2501:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, argv[i]);
data/skiboot-6.6.2/external/opal-prd/opal-prd.h:12:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/skiboot-6.6.2/external/opal-prd/pnor.c:32:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(pnor->path, R_OK | W_OK) == 0)
data/skiboot-6.6.2/external/opal-prd/pnor.c:39:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(FDT_FLASH_PATH, R_OK) == 0)
data/skiboot-6.6.2/external/opal-prd/test/test_pnor.c:21:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/skiboot-6.6.2/external/trace/dump_trace.c:96:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("OPAL CALL %"PRIu64, be64_to_cpu(t->token));
data/skiboot-6.6.2/external/trace/dump_trace.c:97:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" LR=0x%016"PRIx64" SP=0x%016"PRIx64,
data/skiboot-6.6.2/external/trace/dump_trace.c:102:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" R%u=0x%016"PRIx64,
data/skiboot-6.6.2/external/xscom-utils/getscom.c:145:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%016" PRIx64, val);
data/skiboot-6.6.2/external/xscom-utils/putscom.c:101:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%016" PRIx64, val);
data/skiboot-6.6.2/external/xscom-utils/sram.c:12:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(fmt...) do { if (verbose) printf(fmt); } while(0)
data/skiboot-6.6.2/external/xscom-utils/sram.c:13:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERR(fmt...) do { fprintf(stderr, fmt); } while(0)
data/skiboot-6.6.2/hdata/memory.c:737:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(node_name, name);
data/skiboot-6.6.2/hdata/test/stubs.c:15:97: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void _prlog(int log_level __attribute__((unused)), const char* fmt, ...) __attribute__((format (printf, 2, 3)));
data/skiboot-6.6.2/hdata/test/stubs.c:28:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/skiboot-6.6.2/hw/fsp/fsp-sysparam.c:471:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, sysparam_attrs[i].name);
data/skiboot-6.6.2/hw/ipmi/ipmi-power.c:56:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int ipmi_set_power_state(uint8_t system, uint8_t device)
data/skiboot-6.6.2/hw/ipmi/ipmi-power.c:60:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
uint8_t system;
data/skiboot-6.6.2/hw/ipmi/ipmi-power.c:67:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
power_state.system = system;
data/skiboot-6.6.2/hw/ipmi/ipmi-power.c:70:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system != IPMI_PWR_NOCHANGE)
data/skiboot-6.6.2/hw/ipmi/ipmi-power.c:71:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
power_state.system |= 0x80;
data/skiboot-6.6.2/hw/ipmi/ipmi-power.c:82:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
power_state.system, power_state.device);
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:461:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static void sel_pnor(uint8_t access, void *context __unused)
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:466:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
switch (access) {
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:500:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access);
data/skiboot-6.6.2/include/errorlog.h:342:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const char *fmt, ...) __attribute__ ((format (printf, 2, 3)));
data/skiboot-6.6.2/include/errorlog.h:351:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
const char *fmt, ...) __attribute__ ((format (printf, 2, 3)));
data/skiboot-6.6.2/include/ipmi.h:231:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int ipmi_set_power_state(uint8_t system, uint8_t device);
data/skiboot-6.6.2/include/skiboot.h:80:73: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void _prlog(int log_level, const char* fmt, ...) __attribute__((format (printf, 2, 3)));
data/skiboot-6.6.2/libc/include/stdio.h:44:61: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int _printf(const char *format, ...) __attribute__((format (printf, 1, 2)));
data/skiboot-6.6.2/libc/include/stdio.h:50:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(f, ...) do { _printf(pr_fmt(f), ##__VA_ARGS__); } while(0)
data/skiboot-6.6.2/libc/include/stdio.h:52:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int fprintf(FILE *stream, const char *format, ...) __attribute__((format (printf, 2, 3)));
data/skiboot-6.6.2/libc/include/stdio.h:52:75: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int fprintf(FILE *stream, const char *format, ...) __attribute__((format (printf, 2, 3)));
data/skiboot-6.6.2/libc/include/stdio.h:53:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *str, size_t size, const char *format, ...) __attribute__((format (printf, 3, 4)));
data/skiboot-6.6.2/libc/include/stdio.h:53:87: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int snprintf(char *str, size_t size, const char *format, ...) __attribute__((format (printf, 3, 4)));
data/skiboot-6.6.2/libc/include/stdio.h:54:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int vfprintf(FILE *stream, const char *format, va_list);
data/skiboot-6.6.2/libc/include/stdio.h:55:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char *str, size_t size, const char *format, va_list);
data/skiboot-6.6.2/libc/include/stdio.h:65:5: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int scanf(const char *format, ...) __attribute__((format (scanf, 1, 2)));
data/skiboot-6.6.2/libc/include/stdio.h:65:60: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int scanf(const char *format, ...) __attribute__((format (scanf, 1, 2)));
data/skiboot-6.6.2/libc/include/stdio.h:66:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int fscanf(FILE *stream, const char *format, ...) __attribute__((format (scanf, 2, 3)));
data/skiboot-6.6.2/libc/include/stdio.h:66:74: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int fscanf(FILE *stream, const char *format, ...) __attribute__((format (scanf, 2, 3)));
data/skiboot-6.6.2/libc/include/stdio.h:67:5: [4] (buffer) vfscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int vfscanf(FILE *stream, const char *format, va_list);
data/skiboot-6.6.2/libc/include/stdio.h:68:5: [4] (buffer) vsscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int vsscanf(const char *str, const char *format, va_list);
data/skiboot-6.6.2/libc/include/string.h:18:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strcpy __builtin_strcpy
data/skiboot-6.6.2/libc/include/string.h:20:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define strcat __builtin_strcat
data/skiboot-6.6.2/libc/stdio/fprintf.c:16:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int fprintf(FILE *stream, const char* fmt, ...)
data/skiboot-6.6.2/libc/stdio/fprintf.c:22:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
count = vfprintf(stream, fmt, ap);
data/skiboot-6.6.2/libc/stdio/snprintf.c:16:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *buff, size_t size, const char *format, ...)
data/skiboot-6.6.2/libc/stdio/snprintf.c:25:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = vsnprintf(buff, size, format, ar);
data/skiboot-6.6.2/libc/stdio/vfprintf.c:17:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int vfprintf(FILE *stream, const char *fmt, va_list ap)
data/skiboot-6.6.2/libc/stdio/vfprintf.c:22:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/skiboot-6.6.2/libc/stdio/vsnprintf.c:248:1: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(char *buffer, size_t bufsize, const char *format, va_list arg)
data/skiboot-6.6.2/libc/string/strcat.c:16:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char *strcpy(char *dst, const char *src);
data/skiboot-6.6.2/libc/string/strcat.c:17:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
char *strcat(char *dst, const char *src);
data/skiboot-6.6.2/libc/string/strcat.c:18:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
char *strcat(char *dst, const char *src)
data/skiboot-6.6.2/libc/string/strcat.c:23:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&dst[p], src);
data/skiboot-6.6.2/libc/string/strcpy.c:13:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char *strcpy(char *dst, const char *src);
data/skiboot-6.6.2/libc/string/strcpy.c:14:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char *strcpy(char *dst, const char *src)
data/skiboot-6.6.2/libc/test/run-snprintf-test.c:38:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = vsnprintf(buf, l, format, ar);
data/skiboot-6.6.2/libc/test/run-snprintf.c:108:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf2, blen, f, n);
data/skiboot-6.6.2/libflash/errors.h:33:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define FL_DBG(fmt...) do { if (libflash_debug) printf(fmt); } while(0)
data/skiboot-6.6.2/libflash/errors.h:34:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define FL_INF(fmt...) do { printf(fmt); } while(0)
data/skiboot-6.6.2/libflash/errors.h:35:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define FL_ERR(fmt...) do { printf(fmt); } while(0)
data/skiboot-6.6.2/libflash/test/stubs.c:43:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/skiboot-6.6.2/libflash/test/test-blocklevel.c:16:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERR(fmt...) fprintf(stderr, fmt)
data/skiboot-6.6.2/libflash/test/test-ecc.c:15:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERR(fmt...) fprintf(stderr, fmt)
data/skiboot-6.6.2/libflash/test/test-flash.c:17:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERR(fmt...) fprintf(stderr, fmt)
data/skiboot-6.6.2/libpore/p8_delta_scan_rw.h:154:34: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define MY_INF(_fmt_, _args_...) printf(_fmt_, ##_args_)
data/skiboot-6.6.2/libpore/p8_delta_scan_rw.h:155:34: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define MY_ERR(_fmt_, _args_...) printf(_fmt_, ##_args_)
data/skiboot-6.6.2/libpore/p8_delta_scan_rw.h:156:34: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define MY_DBG(_fmt_, _args_...) printf(_fmt_, ##_args_)
data/skiboot-6.6.2/libpore/sbe_xip_image.c:75:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strcpy(dest, src) hvstrcpy(dest, src)
data/skiboot-6.6.2/libpore/sbe_xip_image.c:97:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fprintf(stream, ...) FAPI_ERR(__VA_ARGS__)
data/skiboot-6.6.2/libpore/sbe_xip_image.c:98:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(...) FAPI_INF(__VA_ARGS__)
data/skiboot-6.6.2/libpore/sbe_xip_image.c:121:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "%s:%d : Returning error code %d : %s" TRACE_NEWLINE, \
data/skiboot-6.6.2/libpore/sbe_xip_image.c:130:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ##__VA_ARGS__); \
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2092:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, i_data);
data/skiboot-6.6.2/libstb/container-utils.c:80:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pattern, "^(0x|0X)?[a-fA-F0-9]%s$", multiplier);
data/skiboot-6.6.2/libstb/container-utils.c:114:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pattern, "^[a-zA-Z0-9_+-]%s$", multiplier);
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:33:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/skiboot-6.6.2/libstb/secvar/test/secvar_api_test.c:68:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_RED "FAILED" COLOR_RESET "\n");
data/skiboot-6.6.2/libstb/secvar/test/secvar_api_test.c:70:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_GREEN "OK" COLOR_RESET "\n");
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:364:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(loc_code, phb->base_loc_code);
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:366:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(loc_code, s->label);
data/skiboot-6.6.2/platforms/mambo/console.c:70:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
i = vsnprintf(buf, sizeof(buf), fmt, args);
data/skiboot-6.6.2/ccan/list/test/helper.c:24:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((int)time(NULL));
data/skiboot-6.6.2/ccan/list/test/helper.c:28:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
blob->secret_offset = random() % (sizeof(blob->secret_drawer));
data/skiboot-6.6.2/core/test/run-timer.c:76:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
schedule_timer(&timers[i], random() >> rand_shift);
data/skiboot-6.6.2/external/ffspart/ffspart.c:367:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "+:ec:gi:p:s:", long_opts, &oidx);
data/skiboot-6.6.2/external/gard/gard.c:829:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, global_optstring, global_options,
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:241:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((option = getopt(argc, argv,"rb:h:s:")) != -1) {
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:2623:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "f:p:dhse", opal_diag_options, NULL);
data/skiboot-6.6.2/external/pflash/pflash.c:776:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "+:a:s:P:r:43Eep:fdihvbtgS:T:c9F:",
data/skiboot-6.6.2/external/trace/dump_trace.c:268:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "fs:")) != -1) {
data/skiboot-6.6.2/external/xscom-utils/getscom.c:90:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "-c:bhlv", long_opts, &oidx);
data/skiboot-6.6.2/external/xscom-utils/getsram.c:51:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "-c:n:hl:vf:", long_opts, &oidx);
data/skiboot-6.6.2/external/xscom-utils/putscom.c:45:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "-c:bhv", long_opts, &oidx);
data/skiboot-6.6.2/libc/include/getopt.h:34:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char **, const char *);
data/skiboot-6.6.2/libc/include/getopt.h:35:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int argc, char **, const char *, const struct option *, int *);
data/skiboot-6.6.2/libflash/test/test-mbox.c:240:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(1);
data/skiboot-6.6.2/libstb/create-container.c:367:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "hvdw:a:b:c:p:q:r:A:B:C:P:Q:R:L:I:o:O:f:F:l:",
data/skiboot-6.6.2/libstb/print-container.c:605:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "hvdw:sI:", opts, &indexptr);
data/skiboot-6.6.2/ccan/array_size/test/compile_fail.c:3:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int main(int argc, char *argv[8])
data/skiboot-6.6.2/ccan/array_size/test/compile_fail.c:5:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[100];
data/skiboot-6.6.2/ccan/array_size/test/run.c:4:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char array1[1];
data/skiboot-6.6.2/ccan/array_size/test/run.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[100];
data/skiboot-6.6.2/ccan/endian/test/compile_ok-constant.c:4:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char one[BSWAP_16(0xFF00)];
data/skiboot-6.6.2/ccan/endian/test/compile_ok-constant.c:5:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char two[BSWAP_32(0xFF000000)];
data/skiboot-6.6.2/ccan/endian/test/compile_ok-constant.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char three[BSWAP_64(0xFF00000000000000ULL)];
data/skiboot-6.6.2/ccan/endian/test/run.c:10:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u64_bytes[8];
data/skiboot-6.6.2/ccan/endian/test/run.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u32_bytes[4];
data/skiboot-6.6.2/ccan/endian/test/run.c:18:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u16_bytes[2];
data/skiboot-6.6.2/ccan/list/test/helper.c:14:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret_drawer[42];
data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char printf_buffer[1000];
data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[100];
data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c:53:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expect, "test message: prev corrupt in node %p (0) of %p\n",
data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c:76:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expect, "test message: prev corrupt in node %p (1) of %p\n",
data/skiboot-6.6.2/ccan/list/test/run-check-corrupt.c:85:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expect, "test message: prev corrupt in node %p (0) of %p\n",
data/skiboot-6.6.2/ccan/str/test/compile_fail-STR_MAX_CHARS.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[STR_MAX_CHARS(val)];
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:32:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "0x%llx", (unsigned long long)types.u1byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:34:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "0x%llx", (unsigned long long)types.u2byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:36:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "0x%llx", (unsigned long long)types.u4byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:38:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "0x%llx", (unsigned long long)types.u8byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:42:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%u", types.u1byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:44:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d", types.s1byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:46:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%u", types.u2byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:48:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d", types.s2byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:50:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%u", types.u4byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:52:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d", types.s4byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:54:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%llu", (unsigned long long)types.u8byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:56:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%lld", (long long)types.s8byte);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:60:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%p", types.ptr);
data/skiboot-6.6.2/ccan/str/test/run.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strings[NUM_SUBSTRINGS * NUM_SUBSTRINGS];
data/skiboot-6.6.2/core/console-log.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[320];
data/skiboot-6.6.2/core/console.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/skiboot-6.6.2/core/device.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[16 + 1]; /* max size of a 64bit int */
data/skiboot-6.6.2/core/device.c:304:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, n->name, len);
data/skiboot-6.6.2/core/device.c:470:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->prop, val, size);
data/skiboot-6.6.2/core/device.c:1122:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&prop->prop, &p, prop->len);
data/skiboot-6.6.2/core/direct-controls.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcl_cmd[50];
data/skiboot-6.6.2/core/direct-controls.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcl_cmd[50];
data/skiboot-6.6.2/core/errorlog.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, size);
data/skiboot-6.6.2/core/errorlog.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[250];
data/skiboot-6.6.2/core/errorlog.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[250];
data/skiboot-6.6.2/core/exceptions.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXCEPTION_MAX_STR];
data/skiboot-6.6.2/core/exceptions.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXCEPTION_MAX_STR];
data/skiboot-6.6.2/core/exceptions.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXCEPTION_MAX_STR];
data/skiboot-6.6.2/core/flash-subpartition.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eyecatcher[4];
data/skiboot-6.6.2/core/flash-subpartition.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eyecatcher[5];
data/skiboot-6.6.2/core/flash.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PART_NAME_MAX+1];
data/skiboot-6.6.2/core/i2c.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[17]; /* 8 bytes in hex + NUL */
data/skiboot-6.6.2/core/init.c:763:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(s);
data/skiboot-6.6.2/core/init.c:871:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)0x100, (void *)(SKIBOOT_BASE + 0x100),
data/skiboot-6.6.2/core/init.c:934:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pcie_max_link_speed = atoi(nvram_speed);
data/skiboot-6.6.2/core/ipmi-opal.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&opal_ipmi_msg->data[1], msg->data, msg->resp_size);
data/skiboot-6.6.2/core/ipmi.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, req_data, req_size);
data/skiboot-6.6.2/core/malloc.c:61:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newptr, ptr, copy);
data/skiboot-6.6.2/core/mem_region.c:1513:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, region->node->name, len);
data/skiboot-6.6.2/core/nvram-format.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[12];
data/skiboot-6.6.2/core/nvram-format.c:95:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->name, NVRAM_NAME_FREE, 12);
data/skiboot-6.6.2/core/nvram.c:34:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)buffer, nvram_image + offset, size);
data/skiboot-6.6.2/core/nvram.c:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nvram_image + offset, (void *)buffer, size);
data/skiboot-6.6.2/core/opal-dump.c:154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)tmp_mdst,
data/skiboot-6.6.2/core/opal-dump.c:206:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)tmp_mddt,
data/skiboot-6.6.2/core/opal-msg.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->msg.params, params, params_size);
data/skiboot-6.6.2/core/opal-msg.c:112:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)buffer, (void *)&entry->msg, msg_size);
data/skiboot-6.6.2/core/opal-msg.c:161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &entry->msg, sizeof(entry->msg));
data/skiboot-6.6.2/core/pci-slot.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8], loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/core/pci.c:1427:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slotstr[MAX_SLOTSTR + 1] = { 0, };
data/skiboot-6.6.2/core/pci.c:1488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME];
data/skiboot-6.6.2/core/pci.c:1489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compat[MAX_NAME];
data/skiboot-6.6.2/core/pel.c:31:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtms->model, dt_prop_get(dt_root, "model"), OPAL_SYS_MODEL_LEN);
data/skiboot-6.6.2/core/pel.c:36:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtms->serial_no, p->prop, OPAL_SYS_SERIAL_LEN);
data/skiboot-6.6.2/core/pel.c:64:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extdhdr->model, opalmodel, OPAL_SYS_MODEL_LEN);
data/skiboot-6.6.2/core/pel.c:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extdhdr->serial_no, p->prop, OPAL_SYS_SERIAL_LEN);
data/skiboot-6.6.2/core/pel.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[4];
data/skiboot-6.6.2/core/pel.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src->srcstring, type, 2);
data/skiboot-6.6.2/core/pel.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subsys[4];
data/skiboot-6.6.2/core/pel.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src->srcstring+2, subsys, 2);
data/skiboot-6.6.2/core/pel.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refcode[8];
data/skiboot-6.6.2/core/pel.c:107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src->srcstring+4, refcode, 4);
data/skiboot-6.6.2/core/pel.c:225:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(usrhdr->dump, opal_buf, be16_to_cpu(opal_usr_data->size));
data/skiboot-6.6.2/core/stack.c:68:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bt_text_buf[4096];
data/skiboot-6.6.2/core/test/run-console-log-buf-overrun.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char console_buffer[4096];
data/skiboot-6.6.2/core/test/run-console-log-buf-overrun.c:50:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(console_buffer, buf, count);
data/skiboot-6.6.2/core/test/run-console-log-pr_fmt.c:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char console_buffer[4096];
data/skiboot-6.6.2/core/test/run-console-log-pr_fmt.c:35:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(console_buffer, buf, count);
data/skiboot-6.6.2/core/test/run-console-log.c:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char console_buffer[4096];
data/skiboot-6.6.2/core/test/run-console-log.c:35:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(console_buffer, buf, count);
data/skiboot-6.6.2/core/test/run-cpufeatures.c:14:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __rodata_start[16];
data/skiboot-6.6.2/core/test/run-device.c:12:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __rodata_start[16];
data/skiboot-6.6.2/core/test/run-device.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/skiboot-6.6.2/core/test/run-device.c:227:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(__rodata_start, "name");
data/skiboot-6.6.2/core/test/run-flash-firmware-versions.c:91:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __rodata_start[1], __rodata_end[1];
data/skiboot-6.6.2/core/test/run-flash-firmware-versions.c:110:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, loaded_version_buf, *len);
data/skiboot-6.6.2/core/test/run-flash-firmware-versions.c:134:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/skiboot-6.6.2/core/test/run-flash-subpartition.c:14:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char capp[4096] = {0x43, 0x41, 0x50, 0x50, 0x00, 0x00, 0x00, 0x01,
data/skiboot-6.6.2/core/test/run-malloc-speed.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __rodata_start[1], __rodata_end[1];
data/skiboot-6.6.2/core/test/run-mem_range_is_reserved.c:84:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "memory@%llx", (long long)start);
data/skiboot-6.6.2/core/test/run-mem_region_init.c:39:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(ret, str, strlen(str) + 1);
data/skiboot-6.6.2/core/test/run-mem_region_init.c:87:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "memory@%llx", (unsigned long long)start);
data/skiboot-6.6.2/core/test/run-mem_region_release_unused.c:82:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "memory@%llx", (long long)start);
data/skiboot-6.6.2/core/test/run-mem_region_release_unused_noalloc.c:82:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "memory@%llx", (long long)start);
data/skiboot-6.6.2/core/test/run-mem_region_reservations.c:81:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "memory@%llx", (long long)start);
data/skiboot-6.6.2/core/test/run-nvram-format.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, TEST_1, sizeof(TEST_1));
data/skiboot-6.6.2/core/test/run-pel.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __rodata_start[16];
data/skiboot-6.6.2/core/test/run-pel.c:106:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp->data_dump, "Hello World!");
data/skiboot-6.6.2/core/test/run-trace.c:99:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __rodata_start[1], __rodata_end[1];
data/skiboot-6.6.2/core/trace.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BOOT_TBUF_SZ + MAX_SIZE];
data/skiboot-6.6.2/core/trace.c:149:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ti->tb.buf + be64_to_cpu(ti->tb.end) % be64_to_cpu(ti->tb.buf_size),
data/skiboot-6.6.2/core/trace.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[256];
data/skiboot-6.6.2/core/utils.c:96:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sym, l);
data/skiboot-6.6.2/external/common/arch_flash_arm.c:152:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
arch_data.fd = open("/dev/mem", O_RDWR | O_SYNC);
data/skiboot-6.6.2/external/common/arch_flash_arm.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[255];
data/skiboot-6.6.2/external/common/arch_flash_arm.c:237:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("/proc/mtd", "r");
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr_buf[10];
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:46:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dev_path, O_RDONLY);
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdt_node_path[PATH_MAX];
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:77:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fdt_flash_path, O_RDONLY);
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdt_node_path_tmp[PATH_MAX];
data/skiboot-6.6.2/external/ffspart/ffspart.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FFS_PART_NAME_MAX + 2] = { 0 };
data/skiboot-6.6.2/external/ffspart/ffspart.c:130:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, line, FFS_PART_NAME_MAX + 1);
data/skiboot-6.6.2/external/ffspart/ffspart.c:253:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
data_fd = open(filename, O_RDONLY);
data/skiboot-6.6.2/external/ffspart/ffspart.c:344:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[MAX_LINE];
data/skiboot-6.6.2/external/ffspart/ffspart.c:415:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file = fopen(input, "r");
data/skiboot-6.6.2/external/gard/gard.c:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[MAX_PATH_SIZE];
data/skiboot-6.6.2/external/gard/gard.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[MAX_PATH_SIZE];
data/skiboot-6.6.2/external/gard/gard.c:707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[2];
data/skiboot-6.6.2/external/lpc/lpc.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/skiboot-6.6.2/external/lpc/lpc.c:78:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR);
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:120:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open;
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_MAX];
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:153:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!si->open)
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_MAX];
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:189:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!si->open)
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128];
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:247:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
host_port = atoi(optarg);
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:250:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sim_port = atoi(optarg);
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:284:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "mysim bogus socket cleanup");
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:287:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "mysim bogus socket init 0 server "
data/skiboot-6.6.2/external/memboot/memboot.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memimg, fwimg, size);
data/skiboot-6.6.2/external/memboot/memboot.c:73:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fw_fd = open(filename, O_RDONLY);
data/skiboot-6.6.2/external/memboot/memboot.c:105:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mem_fd = open("/dev/mem", O_RDWR | O_SYNC);
data/skiboot-6.6.2/external/opal-prd/i2c.c:57:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bus->fd = open(bus->devpath, O_RDWR);
data/skiboot-6.6.2/external/opal-prd/i2c.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + offset_size, data, length);
data/skiboot-6.6.2/external/opal-prd/i2c.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpath[PATH_MAX];
data/skiboot-6.6.2/external/opal-prd/i2c.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char busname[256];
data/skiboot-6.6.2/external/opal-prd/i2c.c:229:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dpath, "r");
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:630:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ipmi_devnode, O_RDWR);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:703:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ADDR_STRING_SZ];
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:726:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memfd = open(sysfsfile, O_WRONLY);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:800:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->fw_req.data, req, req_len);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:833:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp, msg->fw_resp.data, size);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:847:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&item->msg, msg, size);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:920:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDONLY);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:981:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dump_name, O_WRONLY | O_CREAT, 0644);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1009:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instance_str[20];
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1356:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctx->fd = open(opal_prd_devnode, O_RDWR);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1905:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "Null");
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:2395:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[0], "r");
data/skiboot-6.6.2/external/opal-prd/test/test_pnor_ops.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[24];
data/skiboot-6.6.2/external/opal-prd/test/test_pnor_ops.c:121:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "/tmp/pnor-XXXXXX");
data/skiboot-6.6.2/external/opal-prd/test/test_pnor_ops.c:123:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(filename);
data/skiboot-6.6.2/external/pflash/pflash.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yes[8], *p;
data/skiboot-6.6.2/external/pflash/pflash.c:421:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_RDONLY);
data/skiboot-6.6.2/external/pflash/pflash.c:499:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_WRONLY | O_TRUNC | O_CREAT, 00666);
data/skiboot-6.6.2/external/pflash/pflash.c:859:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flash_side = atoi(optarg);
data/skiboot-6.6.2/external/trace/dump_trace.c:156:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&te->t, &t, sizeof(union trace));
data/skiboot-6.6.2/external/trace/dump_trace.c:291:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[i], O_RDONLY);
data/skiboot-6.6.2/external/trace/trace.c:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, tr->tb->buf + tr->rpos % be64_to_cpu(tr->tb->buf_size), len);
data/skiboot-6.6.2/external/xscom-utils/getscom.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname_buf[64];
data/skiboot-6.6.2/external/xscom-utils/getsram.c:100:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wb");
data/skiboot-6.6.2/external/xscom-utils/xscom.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[strlen(base_path) + strlen(dname) + 16];
data/skiboot-6.6.2/external/xscom-utils/xscom.c:50:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(nbuf, O_RDWR);
data/skiboot-6.6.2/extract-gcov.c:130:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
data/skiboot-6.6.2/extract-gcov.c:208:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/skiboot-6.6.2/hdata/cpu-common.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/skiboot-6.6.2/hdata/fsp.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/skiboot-6.6.2/hdata/hdif.h:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[6]; /* eye catcher string */
data/skiboot-6.6.2/hdata/hostservices.c:38:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->prop + dst->len, src->prop, src->len);
data/skiboot-6.6.2/hdata/iohub.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recname[5];
data/skiboot-6.6.2/hdata/iohub.c:26:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(recname, "LXR0");
data/skiboot-6.6.2/hdata/iohub.c:41:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lxrbuf, lxr, sizeof(beint32_t)*2);
data/skiboot-6.6.2/hdata/iohub.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE + 1];
data/skiboot-6.6.2/hdata/memory.c:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[16];
data/skiboot-6.6.2/hdata/memory.c:720:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node_name[HB_RESERVE_MEM_LABEL_SIZE + 5] = { 0 };
data/skiboot-6.6.2/hdata/memory.c:757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[HB_RESERVE_MEM_LABEL_SIZE + 1];
data/skiboot-6.6.2/hdata/memory.c:805:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(label, hb_resv_mem->label, label_size);
data/skiboot-6.6.2/hdata/slca.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/hdata/spira.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wafer_id[11];
data/skiboot-6.6.2/hdata/spira.c:1242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[65];
data/skiboot-6.6.2/hdata/spira.c:1273:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "tm-suspend-mode");
data/skiboot-6.6.2/hdata/spira.h:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys_model[4];
data/skiboot-6.6.2/hdata/spira.h:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpu_feature_code[4];
data/skiboot-6.6.2/hdata/spira.h:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/skiboot-6.6.2/hdata/spira.h:526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved[16];
data/skiboot-6.6.2/hdata/spira.h:749:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/skiboot-6.6.2/hdata/test/hdata_to_dt.c:176:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __rodata_start[1], __rodata_end[1];
data/skiboot-6.6.2/hdata/test/hdata_to_dt.c:353:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/skiboot-6.6.2/hdata/test/hdata_to_dt.c:367:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/skiboot-6.6.2/hdata/test/hdata_to_dt.c:387:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[2], O_RDONLY);
data/skiboot-6.6.2/hdata/vpd.c:223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prop, val, vlen);
data/skiboot-6.6.2/hw/dts.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/skiboot-6.6.2/hw/fake-nvram.c:30:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, (void *) (nvram_region->start + src), len);
data/skiboot-6.6.2/hw/fake-nvram.c:44:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) (nvram_region->start + offset), src, size);
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char validate_buf[VALIDATE_BUF_SIZE];
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[FW_VER_SIZE];
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:787:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(validate_buf, (void *)buffer, VALIDATE_BUF_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_keyword[MI_KEYWORD_SIZE]; /* NNSSS_FFF */
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_fw_id[ML_KEYWORD_SIZE]; /* FWxxx.yy */
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[3]; /* "MLH" */
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sp_ga_date[8]; /* YYYYMMDD */
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_keyword_data[40];
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lid_info[64]; /* code level */
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_keyword[40]; /* MI Keyword */
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lst_disrupt_fix_lvl[3];
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skip[21]; /* Skip not interested fields */
data/skiboot-6.6.2/hw/fsp/fsp-console.c:41:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open;
data/skiboot-6.6.2/hw/fsp/fsp-console.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/hw/fsp/fsp-console.c:119:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fs->open) {
data/skiboot-6.6.2/hw/fsp/fsp-console.c:142:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fs->open && fs->poke_msg == msg) {
data/skiboot-6.6.2/hw/fsp/fsp-console.c:164:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fs->open)
data/skiboot-6.6.2/hw/fsp/fsp-console.c:177:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sb->data[old_nin], buf, chunk);
data/skiboot-6.6.2/hw/fsp/fsp-console.c:179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sb->data[0], buf + chunk, len - chunk);
data/skiboot-6.6.2/hw/fsp/fsp-console.c:281:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fs->open) {
data/skiboot-6.6.2/hw/fsp/fsp-console.c:392:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fs->open) {
data/skiboot-6.6.2/hw/fsp/fsp-console.c:461:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fs->open)
data/skiboot-6.6.2/hw/fsp/fsp-console.c:594:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fs->open) {
data/skiboot-6.6.2/hw/fsp/fsp-console.c:645:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fs->open) {
data/skiboot-6.6.2/hw/fsp/fsp-console.c:710:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fs->open) {
data/skiboot-6.6.2/hw/fsp/fsp-console.c:730:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &sb->data[be16_to_cpu(sb->next_out)], chunk);
data/skiboot-6.6.2/hw/fsp/fsp-console.c:732:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + chunk, &sb->data[0], n - chunk);
data/skiboot-6.6.2/hw/fsp/fsp-console.c:749:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fs->log_port || !fs->open)
data/skiboot-6.6.2/hw/fsp/fsp-console.c:802:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fs->open)
data/skiboot-6.6.2/hw/fsp/fsp-console.c:1052:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fsp_serials[1].open && use_serial) {
data/skiboot-6.6.2/hw/fsp/fsp-elog-read.c:354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, elog_read_buffer, size);
data/skiboot-6.6.2/hw/fsp/fsp-elog-write.c:197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, elog_write_to_host_buffer, opal_elog_size);
data/skiboot-6.6.2/hw/fsp/fsp-ipmi.c:149:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req_buf, ipmi_msg->data, ipmi_msg->req_size);
data/skiboot-6.6.2/hw/fsp/fsp-ipmi.c:356:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipmi_msg->data, resp_buf, length);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:599:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sled.lc_code, sled.lc_len); /* Location code */
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:789:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data, &lcode, sizeof(lcode));
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:868:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &total_size, sizeof(total_size));
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:871:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(total_size), &header_size, sizeof(header_size));
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:876:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(total_size) + sizeof(header_size), &flags,
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:1528:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sai_data.loc_code, child->name, LOC_CODE_SIZE - 1);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:1678:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encl_led_data, led_data, sizeof(struct fsp_led_data));
data/skiboot-6.6.2/hw/fsp/fsp-op-panel.c:209:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_line, (void *) be64_to_cpu(lines[i].line), len);
data/skiboot-6.6.2/hw/fsp/fsp-sensor.c:214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)sensor_mod_data, sensor_buf_ptr,
data/skiboot-6.6.2/hw/fsp/fsp-sensor.c:572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME];
data/skiboot-6.6.2/hw/fsp/fsp-sysparam.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->ubuf, &r->resp.data.bytes[8], len);
data/skiboot-6.6.2/hw/fsp/fsp.c:187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fsp.fsp_msg.data, msg->data.bytes, msg->dlen);
data/skiboot-6.6.2/hw/imc.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/hw/ipmi/ipmi-attn.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ti_buffer[IPMI_TI_BUFFER_SIZE];
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:61:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], str, len);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &common_hdr, sizeof(common_hdr));
data/skiboot-6.6.2/hw/ipmi/ipmi-info.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/skiboot-6.6.2/hw/ipmi/ipmi-info.c:94:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipmi_dev_id, msg->data, msg->resp_size);
data/skiboot-6.6.2/hw/ipmi/ipmi-info.c:165:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipmi_sys_boot_opt, msg->data, msg->resp_size);
data/skiboot-6.6.2/hw/ipmi/ipmi-rtc.c:31:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&result, msg->data, 4);
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:288:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, &sel_record, sizeof(struct sel_record));
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:316:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pel_buf[IPMI_MAX_PEL_SIZE];
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:397:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg->data[ESEL_HDR_SIZE], &sel_record,
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg->data[ESEL_HDR_SIZE], &pel_buf[pel_index],
data/skiboot-6.6.2/hw/ipmi/ipmi-sel.c:674:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sel, msg->data, msg->resp_size);
data/skiboot-6.6.2/hw/lpc-uart.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, in_buf, read_cnt);
data/skiboot-6.6.2/hw/npu.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/hw/npu.c:1559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slotbuf[32];
data/skiboot-6.6.2/hw/npu2-common.c:517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_name[17];
data/skiboot-6.6.2/hw/npu2-common.c:665:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nv_zcal_nominal = atoi(zcal);
data/skiboot-6.6.2/hw/npu2-opencapi.c:1346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[40];
data/skiboot-6.6.2/hw/npu3.c:433:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *names[NPU3_IRQ_LEVELS] = {
data/skiboot-6.6.2/hw/occ-sensor.c:365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[30] = "";
data/skiboot-6.6.2/hw/occ-sensor.c:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[30] = "";
data/skiboot-6.6.2/hw/occ-sensor.c:466:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[30];
data/skiboot-6.6.2/hw/occ.c:1178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd->data, chip->cdata->data, cmd->data_size);
data/skiboot-6.6.2/hw/occ.c:1624:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/skiboot-6.6.2/hw/occ.c:1781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/skiboot-6.6.2/hw/p8-i2c.c:1411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/skiboot-6.6.2/hw/phb3.c:841:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)p->tbl_rtt, p->rte_cache, RTT_TABLE_SIZE);
data/skiboot-6.6.2/hw/phb3.c:843:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)p->tbl_peltv, p->peltv_cache, PELTV_TABLE_SIZE);
data/skiboot-6.6.2/hw/phb3.c:2151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)p->tbl_rtt, p->rte_cache, RTT_TABLE_SIZE);
data/skiboot-6.6.2/hw/phb4.c:2423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80];
data/skiboot-6.6.2/hw/phb4.c:6012:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rx_err_max = atoi(s);
data/skiboot-6.6.2/hw/prd.c:416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(fw_notify->mbox_msg), data, dsize);
data/skiboot-6.6.2/hw/prd.c:599:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fw_resp, fw_req, fw_req_len);
data/skiboot-6.6.2/hw/psi.c:488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[30];
data/skiboot-6.6.2/hw/psi.c:490:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *names[P8_IRQ_PSI_IRQ_COUNT] = {
data/skiboot-6.6.2/hw/psi.c:516:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *psi_p9_irq_names[P9_PSI_NUM_IRQS] = {
data/skiboot-6.6.2/hw/psi.c:638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[30];
data/skiboot-6.6.2/hw/sfc-ctrl.c:153:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, data, len); /* XXX: is this right? */
data/skiboot-6.6.2/hw/sfc-ctrl.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &tmp, len);
data/skiboot-6.6.2/hw/slw.c:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LEN];
data/skiboot-6.6.2/include/device.h:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prop[/* len */];
data/skiboot-6.6.2/include/errorlog.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_dump[1];
data/skiboot-6.6.2/include/errorlog.h:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_data_dump[OPAL_LOG_MAX_DUMP];
data/skiboot-6.6.2/include/fsp-attn.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[VERSION_LEN];
data/skiboot-6.6.2/include/fsp-attn.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bt_buf[BT_FRAME_LEN];
data/skiboot-6.6.2/include/fsp-attn.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_info[FILE_INFO_LEN];
data/skiboot-6.6.2/include/fsp-attn.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[SRC_LEN];
data/skiboot-6.6.2/include/fsp-leds.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/include/fsp-leds.h:45:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/include/fsp-leds.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/include/fsp-leds.h:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE + 2]; /* 82 */
data/skiboot-6.6.2/include/fsp-leds.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/include/fsp-leds.h:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/include/fsp-leds.h:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/include/fsp-leds.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/include/occ.h:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_CHARS_SENSOR_NAME];
data/skiboot-6.6.2/include/occ.h:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[MAX_CHARS_SENSOR_UNIT];
data/skiboot-6.6.2/include/pel.h:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcstring[OPAL_MAX_SRC_BYTES];
data/skiboot-6.6.2/include/pel.h:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[OPAL_SYS_MODEL_LEN];
data/skiboot-6.6.2/include/pel.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_no[OPAL_SYS_SERIAL_LEN];
data/skiboot-6.6.2/include/pel.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opal_release_version[OPAL_VER_LEN];
data/skiboot-6.6.2/include/pel.h:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opal_subsys_version[OPAL_VER_LEN];
data/skiboot-6.6.2/include/pel.h:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opalsymid[OPAL_SYMPID_LEN];
data/skiboot-6.6.2/include/pel.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[OPAL_SYS_MODEL_LEN];
data/skiboot-6.6.2/include/pel.h:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_no[OPAL_SYS_SERIAL_LEN];
data/skiboot-6.6.2/include/pel.h:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dump[1];
data/skiboot-6.6.2/include/spcn.h:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char location[4];
data/skiboot-6.6.2/include/spcn.h:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __reserved[4];
data/skiboot-6.6.2/include/trace_types.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[/* TBUF_SZ + max_size */];
data/skiboot-6.6.2/libc/include/stdlib.h:22:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int atoi(const char *str);
data/skiboot-6.6.2/libc/include/stdlib.h:23:6: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long atol(const char *str);
data/skiboot-6.6.2/libc/include/string.h:36:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy __builtin_memcpy
data/skiboot-6.6.2/libc/include/string.h:43:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dest, src, n);
data/skiboot-6.6.2/libc/include/unistd.h:20:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extern int open(const char *name, int flags);
data/skiboot-6.6.2/libc/stdio/stdchnls.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stdin_buffer[BUFSIZ], stdout_buffer[BUFSIZ];
data/skiboot-6.6.2/libc/stdio/vfprintf.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[320];
data/skiboot-6.6.2/libc/stdio/vsnprintf.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *form, sizec[32];
data/skiboot-6.6.2/libc/stdio/vsnprintf.c:268:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formstr[20];
data/skiboot-6.6.2/libc/stdlib/atoi.c:15:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int atoi(const char *str)
data/skiboot-6.6.2/libc/stdlib/atol.c:15:6: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long atol(const char *str)
data/skiboot-6.6.2/libc/string/memcpy.c:16:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void *memcpy(void *dest, const void *src, size_t n);
data/skiboot-6.6.2/libc/string/memcpy.c:17:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void *memcpy(void *dest, const void *src, size_t n)
data/skiboot-6.6.2/libc/string/memmove.c:15:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void *memcpy(void *dest, const void *src, size_t n);
data/skiboot-6.6.2/libc/string/memmove.c:34:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dest, src, n);
data/skiboot-6.6.2/libc/string/strdup.c:16:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void *memcpy(void *dest, const void *src, size_t n);
data/skiboot-6.6.2/libc/string/strdup.c:25:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, src, len);
data/skiboot-6.6.2/libc/test/run-snprintf.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[2];
data/skiboot-6.6.2/libc/test/run-snprintf.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[32];
data/skiboot-6.6.2/libc/test/run-snprintf.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[32];
data/skiboot-6.6.2/libc/test/run-snprintf.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[32];
data/skiboot-6.6.2/libc/test/run-snprintf.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[32];
data/skiboot-6.6.2/libc/test/run-stdlib.c:19:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi("0") == 0);
data/skiboot-6.6.2/libc/test/run-stdlib.c:20:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi("1") == 1);
data/skiboot-6.6.2/libc/test/run-stdlib.c:21:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi(" 123456") == 123456);
data/skiboot-6.6.2/libc/test/run-stdlib.c:22:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi("-72") == -72);
data/skiboot-6.6.2/libc/test/run-stdlib.c:23:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi(" -84") == -84);
data/skiboot-6.6.2/libc/test/run-stdlib.c:24:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi("2147483647") == 2147483647);
data/skiboot-6.6.2/libc/test/run-stdlib.c:27:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi("hello!123") == 0);
data/skiboot-6.6.2/libc/test/run-stdlib.c:28:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi(buf) == 42);
data/skiboot-6.6.2/libc/test/run-stdlib.c:29:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi("42isthemagicnumber") == 42);
data/skiboot-6.6.2/libc/test/run-stdlib.c:32:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atoi("0x800") == 0);
data/skiboot-6.6.2/libc/test/run-stdlib.c:35:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atol("2147483648") == 2147483648);
data/skiboot-6.6.2/libc/test/run-stdlib.c:36:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
assert(atol("-2147483649") == -2147483649);
data/skiboot-6.6.2/libfdt/fdt.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/skiboot-6.6.2/libfdt/fdt.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/skiboot-6.6.2/libfdt/fdt_overlay.c:851:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, target_path, len + 1);
data/skiboot-6.6.2/libfdt/fdt_overlay.c:857:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + len + 1, rel_path, rel_path_len);
data/skiboot-6.6.2/libfdt/fdt_ro.c:591:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + p, name, namelen);
data/skiboot-6.6.2/libfdt/fdt_rw.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, s, len);
data/skiboot-6.6.2/libfdt/fdt_rw.c:284:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namep, name, newlen+1);
data/skiboot-6.6.2/libfdt/fdt_rw.c:317:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prop_data, val, len);
data/skiboot-6.6.2/libfdt/fdt_rw.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prop->data + oldlen, val, len);
data/skiboot-6.6.2/libfdt/fdt_rw.c:343:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prop->data, val, len);
data/skiboot-6.6.2/libfdt/fdt_rw.c:397:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nh->name, name, namelen);
data/skiboot-6.6.2/libfdt/fdt_sw.c:269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nh->name, name, namelen);
data/skiboot-6.6.2/libfdt/fdt_sw.c:299:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strtab + offset, s, len);
data/skiboot-6.6.2/libfdt/fdt_sw.c:370:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, val, len);
data/skiboot-6.6.2/libfdt/fdt_wip.c:74:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)propval + idx, val, len);
data/skiboot-6.6.2/libflash/blocklevel.c:624:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(erase_buf + block_offset, write_buf, chunk_size);
data/skiboot-6.6.2/libflash/blocklevel.c:717:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_ranges[i], &new_ranges[i - 1], sizeof(range));
data/skiboot-6.6.2/libflash/blocklevel.c:720:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_ranges[insert_pos], &range, sizeof(range));
data/skiboot-6.6.2/libflash/ecc.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[BYTES_PER_ECC];
data/skiboot-6.6.2/libflash/ecc.c:284:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &data[alignment], bytes_wanted);
data/skiboot-6.6.2/libflash/ecc.c:310:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, data, len);
data/skiboot-6.6.2/libflash/ecc.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inc_uint64_by(&ecc_word.data, alignment), src, bytes_wanted);
data/skiboot-6.6.2/libflash/ecc.c:415:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, inc_ecc64_by(&ecc_word, alignment),
data/skiboot-6.6.2/libflash/ecc.c:441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inc_uint64_by(&ecc_word.data, len), inc_ecc64_by(dst, len),
data/skiboot-6.6.2/libflash/ffs.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FFS_PART_NAME_MAX + 1];
data/skiboot-6.6.2/libflash/ffs.h:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FFS_PART_NAME_MAX + 1];
data/skiboot-6.6.2/libflash/file.c:45:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file_data->path, O_RDWR);
data/skiboot-6.6.2/libflash/file.c:108:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096];
data/skiboot-6.6.2/libflash/file.c:334:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR);
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:243:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[3];
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:271:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[2];
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:299:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[6];
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:372:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[6];
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:415:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[2];
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:450:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[3];
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:482:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[6];
data/skiboot-6.6.2/libflash/ipmi-hiomap.c:523:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[2];
data/skiboot-6.6.2/libflash/libffs.c:503:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, ent->name, FFS_PART_NAME_MAX);
data/skiboot-6.6.2/libflash/libffs.c:717:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ent->user, user, sizeof(*user));
data/skiboot-6.6.2/libflash/libflash.c:528:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->smart_buf + off, src, chunk);
data/skiboot-6.6.2/libflash/mbox-flash.c:43:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open;
data/skiboot-6.6.2/libflash/mbox-flash.c:248:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg->args[i], &tmp, sizeof(val));
data/skiboot-6.6.2/libflash/mbox-flash.c:259:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg->args[i], &tmp, sizeof(val));
data/skiboot-6.6.2/libflash/mbox-flash.c:302:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return !is_paused(mbox_flash) && win->open;
data/skiboot-6.6.2/libflash/mbox-flash.c:593:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!mbox_flash->write.open) {
data/skiboot-6.6.2/libflash/mbox-flash.c:605:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!mbox_flash->write.open) {
data/skiboot-6.6.2/libflash/mbox-flash.c:619:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!mbox_flash->write.open) {
data/skiboot-6.6.2/libflash/mbox-flash.c:641:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!win->open)
data/skiboot-6.6.2/libflash/test/test-blocklevel.c:31:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, bl->priv + pos, len);
data/skiboot-6.6.2/libflash/test/test-blocklevel.c:47:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bl->priv + pos, buf, len);
data/skiboot-6.6.2/libflash/test/test-flash.c:344:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sim_image + pos, len);
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, req_data, req_size);
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, &cmd->resp, msg->resp_size);
data/skiboot-6.6.2/libpore/p8_pore_table_gen_api_fixed.C:771:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostScomEntryNOP,(void*)bufIIS,XIPSIZE_SCOM_ENTRY);
data/skiboot-6.6.2/libpore/p8_pore_table_gen_api_fixed.C:776:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostScomEntryRET,(void*)bufIIS,XIPSIZE_SCOM_ENTRY);
data/skiboot-6.6.2/libpore/p8_pore_table_gen_api_fixed.C:788:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostScomEntryMatch,(void*)bufIIS,XIPSIZE_SCOM_ENTRY);
data/skiboot-6.6.2/libpore/p8_pore_table_gen_api_fixed.C:800:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostScomEntryMatch,(void*)bufIIS,XIPSIZE_SCOM_ENTRY);
data/skiboot-6.6.2/libpore/p8_pore_table_gen_api_fixed.C:835:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( hostScomEntryNext, (void*)bufIIS, XIPSIZE_SCOM_ENTRY);
data/skiboot-6.6.2/libpore/pore_inline.h:140:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *pore_inline_register_strings[16];
data/skiboot-6.6.2/libpore/pore_inline.h:443:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PORE_INLINE_DISASSEMBLER_STRING_SIZE];
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2090:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, i_data, strlen(dest));
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2226:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*o_duplicate,
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2327:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostAddress, i_data, i_size);
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2529:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o_dest->iv_buildUser, i_src->iv_buildUser,
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2531:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o_dest->iv_buildHost, i_src->iv_buildHost,
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2533:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o_dest->iv_reservedChar, i_src->iv_reservedChar,
data/skiboot-6.6.2/libpore/sbe_xip_image.h:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv_buildUser[16];
data/skiboot-6.6.2/libpore/sbe_xip_image.h:398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv_buildHost[24];
data/skiboot-6.6.2/libpore/sbe_xip_image.h:401:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv_reservedChar[24];
data/skiboot-6.6.2/libpore/sbe_xip_image.h:613:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv_string[4];
data/skiboot-6.6.2/libstb/container-utils.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prelead[100];
data/skiboot-6.6.2/libstb/container-utils.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[48];
data/skiboot-6.6.2/libstb/container-utils.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char multiplier[8];
data/skiboot-6.6.2/libstb/container-utils.c:76:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(multiplier, "{%d}", len * 2); // allow this (byte) len only
data/skiboot-6.6.2/libstb/container-utils.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[48];
data/skiboot-6.6.2/libstb/container-utils.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char multiplier[8];
data/skiboot-6.6.2/libstb/container-utils.c:110:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(multiplier, "{,%d}", len); // allow *up to* this len
data/skiboot-6.6.2/libstb/container.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[1+SHA512_DIGEST_LENGTH*2];
data/skiboot-6.6.2/libstb/create-container.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pubkeyData[1 + 2 * EC_COORDBYTES];
data/skiboot-6.6.2/libstb/create-container.c:50:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "r");
data/skiboot-6.6.2/libstb/create-container.c:59:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/skiboot-6.6.2/libstb/create-container.c:100:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdin = open(filename, O_RDONLY);
data/skiboot-6.6.2/libstb/create-container.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pubkeyData, infile, sizeof(ecc_key_t) + 1);
data/skiboot-6.6.2/libstb/create-container.c:126:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pubkeyraw, &pubkeyData[1], sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:139:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outbuf[2 * EC_COORDBYTES];
data/skiboot-6.6.2/libstb/create-container.c:142:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdin = open(filename, O_RDONLY);
data/skiboot-6.6.2/libstb/create-container.c:159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sigraw, infile, sizeof(ecc_signature_t));
data/skiboot-6.6.2/libstb/create-container.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sigraw, outbuf, sizeof(ecc_signature_t));
data/skiboot-6.6.2/libstb/create-container.c:197:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[SHA512_DIGEST_LENGTH];
data/skiboot-6.6.2/libstb/create-container.c:217:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdout = open(outFile, O_WRONLY | O_CREAT | O_TRUNC,
data/skiboot-6.6.2/libstb/create-container.c:352:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[SHA512_DIGEST_LENGTH];
data/skiboot-6.6.2/libstb/create-container.c:384:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wrap = atoi(optarg);
data/skiboot-6.6.2/libstb/create-container.c:458:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdin = open(params.payloadfn, O_RDONLY);
data/skiboot-6.6.2/libstb/create-container.c:470:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdout = open(params.imagefn, O_WRONLY | O_CREAT | O_TRUNC,
data/skiboot-6.6.2/libstb/create-container.c:487:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->hw_pkey_a, pubkeyraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:492:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->hw_pkey_b, pubkeyraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:497:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->hw_pkey_c, pubkeyraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:545:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pd->hw_sig_a, sigraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:550:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pd->hw_sig_b, sigraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:555:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pd->hw_sig_c, sigraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:565:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pd->sw_pkey_p, pubkeyraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:571:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pd->sw_pkey_q, pubkeyraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:577:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pd->sw_pkey_r, pubkeyraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:587:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ph->payload_hash, md, sizeof(sha2_hash_t));
data/skiboot-6.6.2/libstb/create-container.c:641:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(swh->payload_hash, md, sizeof(sha2_hash_t));
data/skiboot-6.6.2/libstb/create-container.c:657:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssig->sw_sig_p, sigraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:662:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssig->sw_sig_q, sigraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/create-container.c:667:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssig->sw_sig_r, sigraw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/cvc.c:358:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hw_params.hw_key_hash, hw_key_hash, hw_key_hash_size);
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:177:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:269:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left), input, fill );
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:284:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left), input, ilen );
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:287:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sha512_padding[128] =
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:302:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:306:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msglen[16];
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:340:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mbedtls_sha512( const unsigned char *input, size_t ilen,
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:341:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[64], int is384 )
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:357:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sha512_test_buf[3][113] =
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:370:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sha512_test_sum[6][64] =
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:429:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/skiboot-6.6.2/libstb/mbedtls/sha512.c:430:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha512sum[64];
data/skiboot-6.6.2/libstb/mbedtls/sha512.h:50:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128]; /*!< data block being processed */
data/skiboot-6.6.2/libstb/mbedtls/sha512.h:102:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] );
data/skiboot-6.6.2/libstb/mbedtls/sha512.h:124:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mbedtls_sha512( const unsigned char *input, size_t ilen,
data/skiboot-6.6.2/libstb/mbedtls/sha512.h:125:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[64], int is384 );
data/skiboot-6.6.2/libstb/mbedtls/sha512.h:135:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
data/skiboot-6.6.2/libstb/print-container.c:154:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[SHA512_DIGEST_LENGTH];
data/skiboot-6.6.2/libstb/print-container.c:420:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 1, key_raw, sizeof(ecc_key_t));
data/skiboot-6.6.2/libstb/print-container.c:486:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len * 2 + 1 + 2]; // allow trailing \n and leading "0x"
data/skiboot-6.6.2/libstb/print-container.c:494:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdin = open(input, O_RDONLY);
data/skiboot-6.6.2/libstb/print-container.c:621:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wrap = atoi(optarg);
data/skiboot-6.6.2/libstb/print-container.c:647:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdin = open(params.imagefn, O_RDONLY);
data/skiboot-6.6.2/libstb/secvar/secvar.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[SECVAR_MAX_KEY_LEN];
data/skiboot-6.6.2/libstb/secvar/secvar.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/skiboot-6.6.2/libstb/secvar/secvar_api.c:38:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, node->var->data, node->var->data_size);
data/skiboot-6.6.2/libstb/secvar/secvar_api.c:85:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, node->var->key, node->var->key_len);
data/skiboot-6.6.2/libstb/secvar/secvar_api.c:146:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->var->key, key, key_len);
data/skiboot-6.6.2/libstb/secvar/secvar_api.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->var->data, data, data_size);
data/skiboot-6.6.2/libstb/secvar/secvar_util.c:60:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, node->var, sizeof(struct secvar) + node->size);
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-enqueue.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024] = {0};
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-enqueue.c:30:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "meow", 4); // ascii
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-enqueue.c:89:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "test", 4); // ascii
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-enqueue.c:94:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "f\0o\0o\0b\0a\0r\0", 6*2); // "unicode"
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-enqueue.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "meep", 4);
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-enqueue.c:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "meep", 4);
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-getvar.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024] = {0};
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-getvar.c:26:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, "foobar", data_size);
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-getvar.c:28:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "test", 4);
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-getvar.c:37:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var->key, key, key_len);
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-getvar.c:39:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var->data, data, data_size);
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-nextvar.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024] = {0};
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-nextvar.c:24:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpvar->key, "test1", 6); // ascii w/ null
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-nextvar.c:32:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpvar->key, "test2", 5); // ascii w/o null
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-nextvar.c:40:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpvar->key, L"test3", 5*2); // wide char "unicode"
data/skiboot-6.6.2/libstb/secvar/test/secvar-test-nextvar.c:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, L"foobar", 7*2);
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:113:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eventData->signature, eventSignature,
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:126:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eventData->vendorInfo, vendorInfo, sizeof(vendorInfo));
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:480:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(eventLog.digests.digests[0].digest),
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:489:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(eventLog.digests.digests[1].digest),
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:497:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eventLog.event.event, i_logMsg,
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:546:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val->eventLogInMem, val->eventLog, val->logSize);
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.H:65:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[16];
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.H:74:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendorInfo[0];
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:69:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o_chunkPtr, i_tpmBuf, i_chunkSize);
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:88:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o_tpmBuf, i_chunkPtr, i_chunkSize);
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:496:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i_logBuf, &(val->digest),
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:540:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(val->digest), i_tpmBuf, size);
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:700:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val->digest, i_tpmBuf, size);
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:719:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val->event, i_tpmBuf, val->eventSize);
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:738:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i_logBuf, val->digest, sizeof(val->digest));
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:747:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i_logBuf, val->event, val->eventSize);
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:771:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i_logBuf, val->event, val->eventSize);
data/skiboot-6.6.2/libstb/tss/trustedTypes.C:800:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val->event, i_tpmBuf, size);
data/skiboot-6.6.2/libstb/tss/trustedbootCmds.C:820:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cmd->digests.digests[0].digest), i_digest_1,
data/skiboot-6.6.2/libstb/tss/trustedbootCmds.C:827:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cmd->digests.digests[1].digest), i_digest_2,
data/skiboot-6.6.2/libstb/tss/trustedbootCmds.C:988:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o_digest, resp->pcrValues.digests[0].buffer, fullDigestSize);
data/skiboot-6.6.2/libxz/xz_dec_lzma2.c:390:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
data/skiboot-6.6.2/libxz/xz_dec_lzma2.c:400:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->out + b->out_pos, b->in + b->in_pos,
data/skiboot-6.6.2/libxz/xz_dec_lzma2.c:424:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->out + b->out_pos, dict->buf + dict->start,
data/skiboot-6.6.2/libxz/xz_dec_lzma2.c:859:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->temp.buf + s->temp.size, b->in + b->in_pos, tmp);
data/skiboot-6.6.2/libxz/xz_dec_lzma2.c:919:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->temp.buf, b->in + b->in_pos, in_avail);
data/skiboot-6.6.2/libxz/xz_dec_stream.c:173:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->temp.buf + s->temp.pos, b->in + b->in_pos, copy_size);
data/skiboot-6.6.2/platforms/astbmc/common.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/common.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/common.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/garrison.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/garrison.c:230:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/mihawk.c:367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/mihawk.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/p8dnu.c:252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/p8dnu.c:275:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/swift.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slot[6];
data/skiboot-6.6.2/platforms/astbmc/witherspoon.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_name[17];
data/skiboot-6.6.2/platforms/astbmc/zaius.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/astbmc/zaius.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/platforms/ibm-fsp/firenze-pci.c:966:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&slot->ops, &phb->slot->ops, sizeof(struct pci_slot_ops));
data/skiboot-6.6.2/platforms/ibm-fsp/firenze-pci.c:1033:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lcode, blcode, len);
data/skiboot-6.6.2/platforms/ibm-fsp/firenze.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/skiboot-6.6.2/platforms/ibm-fsp/fsp-vpd.c:51:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(record, "VINI", 4);
data/skiboot-6.6.2/platforms/ibm-fsp/hostservices.c:355:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abuf, data, dsize);
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len);
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[5] = "PR00";
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_code[LOC_CODE_SIZE];
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[3];
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[8];
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[9];
data/skiboot-6.6.2/platforms/mambo/console.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[320];
data/skiboot-6.6.2/platforms/mambo/mambo.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[BD_SECT_SZ];
data/skiboot-6.6.2/platforms/mambo/mambo.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + (read_sectors * BD_SECT_SZ) , &b[pos % BD_SECT_SZ],
data/skiboot-6.6.2/platforms/mambo/mambo.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcl_cmd[50];
data/skiboot-6.6.2/platforms/rhesus/rhesus.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[32];
data/skiboot-6.6.2/test/dt_common.c:27:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%02x", ((unsigned char *)prop)[i]);
data/skiboot-6.6.2/ccan/str/str.c:6:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i = 0, nlen = strlen(needle);
data/skiboot-6.6.2/ccan/str/str.h:32:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strstarts(str,prefix) (strncmp((str),(prefix),strlen(prefix)) == 0)
data/skiboot-6.6.2/ccan/str/str.h:45:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) < strlen(postfix))
data/skiboot-6.6.2/ccan/str/str.h:45:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) < strlen(postfix))
data/skiboot-6.6.2/ccan/str/str.h:48:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return streq(str + strlen(str) - strlen(postfix), postfix);
data/skiboot-6.6.2/ccan/str/str.h:48:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return streq(str + strlen(str) - strlen(postfix), postfix);
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:33:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u1byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:35:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u2byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:37:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u4byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:39:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u8byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:43:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u1byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:45:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.s1byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:47:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u2byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:49:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.s2byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:51:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u4byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:53:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.s4byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:55:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.u8byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:57:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.s8byte));
data/skiboot-6.6.2/ccan/str/test/run-STR_MAX_CHARS.c:61:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok1(strlen(str) < STR_MAX_CHARS(types.ptr));
data/skiboot-6.6.2/ccan/str/test/run.c:19:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(s); i++)
data/skiboot-6.6.2/ccan/str/test/run.c:20:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret[i] = s[strlen(s) - i - 1];
data/skiboot-6.6.2/ccan/str/test/run.c:35:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[n] = malloc(strlen(substrings[i])
data/skiboot-6.6.2/ccan/str/test/run.c:36:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(substrings[j]) + 1);
data/skiboot-6.6.2/ccan/str/test/run.c:50:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (k == strlen(strings[i])) {
data/skiboot-6.6.2/core/console.c:219:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/skiboot-6.6.2/core/console.c:258:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(int fd __unused, void *buf, size_t req_count)
data/skiboot-6.6.2/core/console.c:263:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (con_driver && con_driver->read)
data/skiboot-6.6.2/core/console.c:264:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = con_driver->read(buf, req_count);
data/skiboot-6.6.2/core/console.c:334:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opal_register(OPAL_CONSOLE_READ, opal_con_driver->read, 3);
data/skiboot-6.6.2/core/console.c:398:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
l = read(0, buffer, l);
data/skiboot-6.6.2/core/cpufeatures.c:842:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(deps_names);
data/skiboot-6.6.2/core/device.c:208:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + STR_MAX_CHARS(addr) + 2;
data/skiboot-6.6.2/core/device.c:230:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + 2*STR_MAX_CHARS(addr0) + 3;
data/skiboot-6.6.2/core/device.c:294:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(n->name);
data/skiboot-6.6.2/core/device.c:302:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(n->name);
data/skiboot-6.6.2/core/device.c:332:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = p + strlen(p);
data/skiboot-6.6.2/core/device.c:491:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(value) + 1;
data/skiboot-6.6.2/core/device.c:505:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, value, vlen);
data/skiboot-6.6.2/core/device.c:506:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = dt_add_property(node, name, tmp, strlen(tmp)+1);
data/skiboot-6.6.2/core/device.c:562:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(sstr) + 1;
data/skiboot-6.6.2/core/device.c:575:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = s + strlen(sstr) + 1;
data/skiboot-6.6.2/core/device.c:709:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return p->len == strlen(val) + 1 && memcmp(p->prop, val, p->len) == 0;
data/skiboot-6.6.2/core/device.c:724:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(c) + 1;
data/skiboot-6.6.2/core/direct-controls.c:33:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callthru_tcl(tcl_cmd, strlen(tcl_cmd));
data/skiboot-6.6.2/core/direct-controls.c:46:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callthru_tcl(tcl_cmd, strlen(tcl_cmd));
data/skiboot-6.6.2/core/errorlog.c:186:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_append_data(buf, err_msg, strlen(err_msg));
data/skiboot-6.6.2/core/errorlog.c:208:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_append_data(buf, err_msg, strlen(err_msg));
data/skiboot-6.6.2/core/flash-firmware-versions.c:23:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(data);
data/skiboot-6.6.2/core/flash-firmware-versions.c:34:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(data, "open-power", strlen("open-power")) == 0)
data/skiboot-6.6.2/core/flash-firmware-versions.c:35:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop = data + strlen("open-power");
data/skiboot-6.6.2/core/flash-firmware-versions.c:63:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
version_len = strlen(version_str[i]);
data/skiboot-6.6.2/core/flash-firmware-versions.c:80:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("skiboot")) == 0) {
data/skiboot-6.6.2/core/flash-firmware-versions.c:86:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("skiboot-")) == 0)
data/skiboot-6.6.2/core/flash-firmware-versions.c:87:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
skiboot_version = version + strlen("skiboot-");
data/skiboot-6.6.2/core/flash-firmware-versions.c:91:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(skiboot_version)) != 0)
data/skiboot-6.6.2/core/flash-subpartition.c:57:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(eyecatcher, header->eyecatcher, 4);
data/skiboot-6.6.2/core/interrupts.c:221:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ns = name ? strlen(name) : 0;
data/skiboot-6.6.2/core/mem_region.c:1003:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(names->prop + n) + 1;
data/skiboot-6.6.2/core/mem_region.c:1097:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rname = zalloc(strlen(i->name) + strlen(NODE_REGION_PREFIX) + 1);
data/skiboot-6.6.2/core/mem_region.c:1097:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rname = zalloc(strlen(i->name) + strlen(NODE_REGION_PREFIX) + 1);
data/skiboot-6.6.2/core/mem_region.c:1499:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
names_len += strlen(region->node->name) + 1;
data/skiboot-6.6.2/core/mem_region.c:1512:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(region->node->name) + 1;
data/skiboot-6.6.2/core/nvram-format.c:223:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int key_len = strlen(key);
data/skiboot-6.6.2/core/nvram-format.c:266:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start, strlen(start));
data/skiboot-6.6.2/core/nvram.c:183:16: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
nvram_image = memalign(0x1000, nvram_size);
data/skiboot-6.6.2/core/pci-slot.c:235:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(loc_code, label, sizeof(loc_code) - 1);
data/skiboot-6.6.2/core/platform.c:103:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_append_data(buf, diag, strlen(diag));
data/skiboot-6.6.2/core/test/run-console-log-buf-overrun.c:18:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(memcmp(buf, str, strlen(str)) == 0)
data/skiboot-6.6.2/core/test/run-console-log-buf-overrun.c:101:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += 320 - strlen("Hello World");
data/skiboot-6.6.2/core/test/run-device.c:252:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(s) == 5);
data/skiboot-6.6.2/core/test/run-device.c:255:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(s) == 3);
data/skiboot-6.6.2/core/test/run-device.c:258:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(s) == 8);
data/skiboot-6.6.2/core/test/run-device.c:278:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sz == strlen("xyzzy") + 1);
data/skiboot-6.6.2/core/test/run-flash-firmware-versions.c:42:9: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
return memalign(blocksize, bytes);
data/skiboot-6.6.2/core/test/run-mem_region_init.c:38:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ret = __malloc(strlen(str) + 1, "");
data/skiboot-6.6.2/core/test/run-mem_region_init.c:39:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return memcpy(ret, str, strlen(str) + 1);
data/skiboot-6.6.2/core/test/run-mem_region_release_unused.c:164:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(NODE_REGION_PREFIX)) == 0) {
data/skiboot-6.6.2/core/test/run-mem_region_release_unused_noalloc.c:144:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(NODE_REGION_PREFIX)) == 0) {
data/skiboot-6.6.2/core/test/run-mem_region_reservations.c:125:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(name) + 1;
data/skiboot-6.6.2/core/test/run-mem_region_reservations.c:130:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
at ? at-name: strlen(name)))
data/skiboot-6.6.2/core/test/run-mem_region_reservations.c:163:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(test_regions[i].name)))
data/skiboot-6.6.2/core/test/run-nvram-format.c:154:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(result) == 0);
data/skiboot-6.6.2/external/common/arch_flash_arm.c:243:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line) - 1] != '\n')
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:50:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, attr_buf, sizeof(attr_buf));
data/skiboot-6.6.2/external/common/arch_flash_powerpc.c:86:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, fdt_node_path, sizeof(fdt_node_path));
data/skiboot-6.6.2/external/ffspart/ffspart.c:87:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = ffs_string_to_entry_user(line, strlen(line), &user);
data/skiboot-6.6.2/external/ffspart/ffspart.c:451:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line) - 1] == '\n')
data/skiboot-6.6.2/external/ffspart/ffspart.c:452:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line) - 1] = '\0';
data/skiboot-6.6.2/external/gard/gard.c:192:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(chip_units[i].desc);
data/skiboot-6.6.2/external/gard/gard.c:303:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(target_type_to_str(unit_id));
data/skiboot-6.6.2/external/gard/gard.c:434:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(format_path(&gard.target_id, scratch));
data/skiboot-6.6.2/external/gard/gard.c:469:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ruler_size = strlen(header) + find_longest_path(ctx);
data/skiboot-6.6.2/external/gard/gard.c:628:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(argv[1], "all", strlen("all")) == 0) {
data/skiboot-6.6.2/external/lpc/lpc.c:139:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, &v8, 1);
data/skiboot-6.6.2/external/lpc/lpc.c:148:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, &v16, 2);
data/skiboot-6.6.2/external/lpc/lpc.c:162:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, &v32, 4);
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:81:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned long callthru_tcl(const char *str, int strlen)
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:84:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)strlen);
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:285:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callthru_tcl(cmd, strlen(cmd));
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:289:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callthru_tcl(cmd, strlen(cmd));
data/skiboot-6.6.2/external/mambo/mambo-socket-proxy.c:304:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callthru_tcl(cmd, strlen(cmd));
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:320:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) >= 2 && str[1] == '>') {
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1026:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, buf + bytes, statbuf.st_size - bytes);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1315:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(c) + 1;
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1704:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ctx->fd, msg, ctx->msg_alloc_len);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1746:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(ctx->fd, msg + pos, size - pos);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1884:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += (strlen(&s[size]) + 1);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1894:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(runcmd_output);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:1906:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_msg->data_len = strlen("Null") + 1;
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:2487:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += (strlen(argv[i]) + 1);
data/skiboot-6.6.2/external/opal-prd/opal-prd.c:2502:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = s + strlen(argv[i]) + 1;
data/skiboot-6.6.2/external/opal-prd/test/test_pnor_ops.c:47:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, buf, sizeof(buf));
data/skiboot-6.6.2/external/opal-prd/test/test_pnor_ops.c:83:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, buf, sizeof(buf));
data/skiboot-6.6.2/external/pflash/pflash.c:445:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, file_buf, FILE_BUF_SIZE);
data/skiboot-6.6.2/external/trace/dump_trace.c:310:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(poll_msecs * 1000);
data/skiboot-6.6.2/external/xscom-utils/xscom.c:45:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char nbuf[strlen(base_path) + strlen(dname) + 16];
data/skiboot-6.6.2/external/xscom-utils/xscom.c:45:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char nbuf[strlen(base_path) + strlen(dname) + 16];
data/skiboot-6.6.2/external/xscom-utils/xscom.c:148:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(c->fd, val, 8);
data/skiboot-6.6.2/hdata/iohub.c:73:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(loc_code, slca_loc_code, LOC_CODE_SIZE);
data/skiboot-6.6.2/hdata/iohub.c:76:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(loc_code) + 1);
data/skiboot-6.6.2/hdata/memory.c:809:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(label) == 0)
data/skiboot-6.6.2/hdata/slca.c:78:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(loc_code, fru_loc_code, LOC_CODE_SIZE - 1);
data/skiboot-6.6.2/hdata/slca.c:79:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dt_add_property(node, "ibm,loc-code", loc_code, strlen(loc_code) + 1);
data/skiboot-6.6.2/hdata/spira.c:1259:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, feature->name, sizeof(name)-1);
data/skiboot-6.6.2/hdata/spira.c:1263:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == 0) {
data/skiboot-6.6.2/hdata/test/hdata_to_dt.c:356:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, &spirah, sizeof(spirah));
data/skiboot-6.6.2/hdata/test/hdata_to_dt.c:370:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, &spira, sizeof(spira));
data/skiboot-6.6.2/hdata/test/stubs.c:45:9: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
return memalign(blocksize, bytes);
data/skiboot-6.6.2/hw/fsp/fsp-attn.c:110:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ti_attn->msg.file_info));
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:101:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fw_vpd[side].mi_keyword, FW_VERSION_UNKNOWN, MI_KEYWORD_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:102:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fw_vpd[side].ext_fw_id, FW_VERSION_UNKNOWN, ML_KEYWORD_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:287:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fw_vpd[side].mi_keyword, mi_sec->mi_keyword, MI_KEYWORD_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:298:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fw_vpd[side].ext_fw_id,
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:450:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dt_add_property(dt_fw, "mi-version", buffer, strlen(buffer));
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:463:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dt_add_property(dt_fw, "ml-version", buffer, strlen(buffer));
data/skiboot-6.6.2/hw/fsp/fsp-codeupdate.c:1307:13: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
lid_data = memalign(TCE_PSIZE, MARKER_LID_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-console.c:522:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ser->loc_code, loc_code, LOC_CODE_SIZE - 1);
data/skiboot-6.6.2/hw/fsp/fsp-console.c:551:15: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
ser_buffer = memalign(TCE_PSIZE, SER_BUFFER_SIZE * MAX_SERIAL);
data/skiboot-6.6.2/hw/fsp/fsp-elog-read.c:582:21: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
elog_read_buffer = memalign(TCE_PSIZE, ELOG_READ_BUFFER_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-elog-write.c:409:28: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
elog_panic_write_buffer = memalign(TCE_PSIZE,
data/skiboot-6.6.2/hw/fsp/fsp-elog-write.c:416:29: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
elog_write_to_fsp_buffer = memalign(TCE_PSIZE,
data/skiboot-6.6.2/hw/fsp/fsp-elog-write.c:423:30: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
elog_write_to_host_buffer = memalign(TCE_PSIZE,
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:199:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(sai_data.loc_code, loc_code, strlen(sai_data.loc_code)))
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:526:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sled.lc_len = strlen(spcn_cmd->loc_code);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:529:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sled.lc_code, spcn_cmd->loc_code, LOC_CODE_SIZE - 1);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:715:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cmd->loc_code, loc_code, LOC_CODE_SIZE - 1);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:773:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lcode.raw_len = strlen(led->loc_code);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:774:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lcode.loc_code, led->loc_code, LOC_CODE_SIZE - 1);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:1652:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(led_data->loc_code, buf, lc_len);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:1883:16: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
led_buffer = memalign(TCE_PSIZE, PSI_DMA_LED_BUF_SZ);
data/skiboot-6.6.2/hw/fsp/fsp-leds.c:1919:25: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
loc_code_list_buffer = memalign(TCE_PSIZE, PSI_DMA_LOC_COD_BUF_SZ);
data/skiboot-6.6.2/hw/fsp/fsp-sensor.c:783:18: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
sensor_buffer = memalign(TCE_PSIZE, SENSOR_MAX_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-sysdump.c:336:20: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
dump_mem_region = memalign(TCE_PSIZE, PSI_DMA_MDST_TABLE_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-sysdump.c:346:15: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
mdst_table = memalign(TCE_PSIZE, PSI_DMA_MDST_TABLE_SIZE);
data/skiboot-6.6.2/hw/fsp/fsp-sysparam.c:439:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = size + strlen(sysparam_attrs[i].name) + 1;
data/skiboot-6.6.2/hw/fsp/fsp-sysparam.c:472:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = s + strlen(sysparam_attrs[i].name) + 1;
data/skiboot-6.6.2/hw/fsp/fsp.c:1170:21: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
fsp_inbound_buf = memalign(TCE_PSIZE, FSP_INBOUND_SIZE);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:52:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:88:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size += strlen(info->manufacturer);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:89:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size += strlen(info->product);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:90:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size += strlen(info->part_no);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:91:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size += strlen(info->version);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:92:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size += strlen(info->serial_no);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:93:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_size += strlen(info->asset_tag);
data/skiboot-6.6.2/hw/ipmi/ipmi-fru.c:152:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(info.version) >= MAX_STR_LEN) {
data/skiboot-6.6.2/hw/occ-sensor.c:375:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str_maps[i].occ_str))) {
data/skiboot-6.6.2/hw/slw.c:913:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name_buf, states[i].name, MAX_NAME_LEN);
data/skiboot-6.6.2/hw/slw.c:914:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_buf = name_buf + strlen(states[i].name) + 1;
data/skiboot-6.6.2/hw/slw.c:932:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_buf_len += strlen(states[i].name) + 1;
data/skiboot-6.6.2/hw/xscom.c:623:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int64_t rc = scom->read(scom, partid, pcbaddr, val);
data/skiboot-6.6.2/include/console.h:38:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t (*read)(char *buf, size_t len);
data/skiboot-6.6.2/include/console.h:51:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int64_t (*read)(int64_t term, __be64 *__len, uint8_t *buf);
data/skiboot-6.6.2/include/mem_region-malloc.h:24:9: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
#define memalign(boundary, size) __memalign(boundary, size, __location__)
data/skiboot-6.6.2/include/xscom.h:204:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int64_t (*read)(struct scom_controller *, uint32_t chip, uint64_t reg, uint64_t *val);
data/skiboot-6.6.2/libc/include/stdio.h:69:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int getc(FILE *stream);
data/skiboot-6.6.2/libc/include/stdio.h:70:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int getchar(void);
data/skiboot-6.6.2/libc/include/string.h:19:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define strncpy __builtin_strncpy
data/skiboot-6.6.2/libc/include/string.h:27:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strlen __builtin_strlen
data/skiboot-6.6.2/libc/include/string.h:28:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strlen __builtin_strlen
data/skiboot-6.6.2/libc/include/unistd.h:22:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern ssize_t read(int fd, void *buf, size_t count);
data/skiboot-6.6.2/libc/stdio/fputs.c:21:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return write(stream->fd, str, strlen(str));
data/skiboot-6.6.2/libc/stdio/puts.c:23:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(stdout->fd, str, strlen(str));
data/skiboot-6.6.2/libc/stdio/vsnprintf.c:33:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/skiboot-6.6.2/libc/stdio/vsnprintf.c:51:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; (i < strlen(str)) && ((*buffer - bstart) < bufsize); i++) {
data/skiboot-6.6.2/libc/string/strcat.c:15:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(const char *s);
data/skiboot-6.6.2/libc/string/strcat.c:22:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strlen(dst);
data/skiboot-6.6.2/libc/string/strdup.c:15:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(const char *s);
data/skiboot-6.6.2/libc/string/strdup.c:20:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src) + 1;
data/skiboot-6.6.2/libc/string/strlen.c:15:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(const char *s);
data/skiboot-6.6.2/libc/string/strlen.c:16:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(const char *s)
data/skiboot-6.6.2/libc/string/strncpy.c:15:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
char *strncpy(char *dst, const char *src, size_t n);
data/skiboot-6.6.2/libc/string/strncpy.c:16:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
char *strncpy(char *dst, const char *src, size_t n)
data/skiboot-6.6.2/libc/string/strstr.c:15:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(const char *s);
data/skiboot-6.6.2/libc/string/strstr.c:26:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = strlen(hay);
data/skiboot-6.6.2/libc/string/strstr.c:27:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(needle);
data/skiboot-6.6.2/libc/test/run-memops.c:42:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "Hello World!", 20);
data/skiboot-6.6.2/libc/test/run-memops.c:43:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memchr(buf, 'o', strlen(buf), buf+4));
data/skiboot-6.6.2/libc/test/run-memops.c:44:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memchr(buf, 'a', strlen(buf), NULL));
data/skiboot-6.6.2/libc/test/run-memops.c:46:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memcmp(buf, "Hello World!", strlen(buf), 0));
data/skiboot-6.6.2/libc/test/run-memops.c:47:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memcmp(buf, "Hfllow World", strlen(buf), -1));
data/skiboot-6.6.2/libc/test/run-memops.c:68:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_strncasecmp(buf, "Hello World!", strlen(buf), 0));
data/skiboot-6.6.2/libc/test/run-memops.c:69:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_strncasecmp(buf, "HELLO WORLD!", strlen(buf), 0));
data/skiboot-6.6.2/libc/test/run-memops.c:70:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_strncasecmp(buf, "IELLO world!", strlen(buf), -1));
data/skiboot-6.6.2/libc/test/run-memops.c:71:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_strncasecmp(buf, "HeLLo WOrlc!", strlen(buf), 1));
data/skiboot-6.6.2/libc/test/run-memops.c:82:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "Hello", 20);
data/skiboot-6.6.2/libc/test/run-memops.c:83:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf2, " World!", 20);
data/skiboot-6.6.2/libc/test/run-memops.c:85:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memmove(buf + 5, buf2, strlen(buf2), buf,
data/skiboot-6.6.2/libc/test/run-memops.c:86:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"Hello World!", strlen("Hello World!")));
data/skiboot-6.6.2/libc/test/run-memops.c:88:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "HHello World!", 20);
data/skiboot-6.6.2/libc/test/run-memops.c:89:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memmove(buf, buf+1, strlen("Hello World!"), buf, "Hello World!", strlen("Hello World!")));
data/skiboot-6.6.2/libc/test/run-memops.c:89:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memmove(buf, buf+1, strlen("Hello World!"), buf, "Hello World!", strlen("Hello World!")));
data/skiboot-6.6.2/libc/test/run-memops.c:91:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "0123456789", 20);
data/skiboot-6.6.2/libc/test/run-memops.c:92:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memmove(buf+1, buf , strlen("0123456789"), buf, "00123456789", strlen("00123456789")));
data/skiboot-6.6.2/libc/test/run-memops.c:92:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(test_memmove(buf+1, buf , strlen("0123456789"), buf, "00123456789", strlen("00123456789")));
data/skiboot-6.6.2/libfdt/fdt.c:312:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) + 1;
data/skiboot-6.6.2/libfdt/fdt_overlay.c:317:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name),
data/skiboot-6.6.2/libfdt/fdt_overlay.c:828:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(target_path);
data/skiboot-6.6.2/libfdt/fdt_ro.c:277:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fdt_subnode_offset_namelen(fdt, parentoffset, name, strlen(name));
data/skiboot-6.6.2/libfdt/fdt_ro.c:327:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fdt_path_offset_namelen(fdt, path, strlen(path));
data/skiboot-6.6.2/libfdt/fdt_ro.c:358:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(nameptr);
data/skiboot-6.6.2/libfdt/fdt_ro.c:476:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name), lenp);
data/skiboot-6.6.2/libfdt/fdt_ro.c:528:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fdt_getprop_namelen(fdt, nodeoffset, name, strlen(name), lenp);
data/skiboot-6.6.2/libfdt/fdt_ro.c:562:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fdt_get_alias_namelen(fdt, name, strlen(name));
data/skiboot-6.6.2/libfdt/fdt_ro.c:728:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/skiboot-6.6.2/libfdt/fdt_ro.c:778:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string) + 1;
data/skiboot-6.6.2/libfdt/fdt_rw.c:142:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = strlen(s) + 1;
data/skiboot-6.6.2/libfdt/fdt_rw.c:165:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) + 1;
data/skiboot-6.6.2/libfdt/fdt_rw.c:277:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = strlen(name);
data/skiboot-6.6.2/libfdt/fdt_rw.c:406:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fdt_add_subnode_namelen(fdt, parentoffset, name, strlen(name));
data/skiboot-6.6.2/libfdt/fdt_sw.c:263:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(name) + 1;
data/skiboot-6.6.2/libfdt/fdt_sw.c:291:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) + 1;
data/skiboot-6.6.2/libfdt/fdt_sw.c:308:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) + 1;
data/skiboot-6.6.2/libfdt/fdt_wip.c:92:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name), 0,
data/skiboot-6.6.2/libfdt/libfdt.h:1514:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fdt_property(fdt, name, str, strlen(str)+1)
data/skiboot-6.6.2/libfdt/libfdt.h:1772:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fdt_setprop((fdt), (nodeoffset), (name), (str), strlen(str)+1)
data/skiboot-6.6.2/libfdt/libfdt.h:1943:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fdt_appendprop((fdt), (nodeoffset), (name), (str), strlen(str)+1)
data/skiboot-6.6.2/libflash/blocklevel.c:87:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!bl || !bl->read || !buf) {
data/skiboot-6.6.2/libflash/blocklevel.c:96:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, pos, buf, len);
data/skiboot-6.6.2/libflash/blocklevel.c:423:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, base_pos, erase_buf, block_size);
data/skiboot-6.6.2/libflash/blocklevel.c:488:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, top_pos, erase_buf, top_len);
data/skiboot-6.6.2/libflash/blocklevel.c:609:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, erase_block, erase_buf, erase_size);
data/skiboot-6.6.2/libflash/blocklevel.h:33:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct blocklevel_device *bl, uint64_t pos, void *buf, uint64_t len);
data/skiboot-6.6.2/libflash/file.c:63:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(file_data->fd, buf, len - count);
data/skiboot-6.6.2/libflash/libffs.c:739:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ret->name, name, FFS_PART_NAME_MAX);
data/skiboot-6.6.2/libflash/libflash-priv.h:133:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct spi_flash_ctrl *ctrl, uint32_t addr, void *buf,
data/skiboot-6.6.2/libflash/libflash.c:125:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((!c->mode_4b || ct->set_4b) && ct->read)
data/skiboot-6.6.2/libflash/libflash.c:126:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ct->read(ct, pos, buf, len);
data/skiboot-6.6.2/libflash/mbox-flash.c:50:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct lpc_window read;
data/skiboot-6.6.2/libflash/mbox-flash.c:149:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t off = mbox_flash->read.lpc_addr + (pos - mbox_flash->read.cur_pos);
data/skiboot-6.6.2/libflash/mbox-flash.c:149:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t off = mbox_flash->read.lpc_addr + (pos - mbox_flash->read.cur_pos);
data/skiboot-6.6.2/libflash/mbox-flash.c:432:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.size = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 1));
data/skiboot-6.6.2/libflash/mbox-flash.c:471:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.lpc_addr = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 0));
data/skiboot-6.6.2/libflash/mbox-flash.c:472:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.size = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 2));
data/skiboot-6.6.2/libflash/mbox-flash.c:473:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.cur_pos = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 4));
data/skiboot-6.6.2/libflash/mbox-flash.c:474:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = true;
data/skiboot-6.6.2/libflash/mbox-flash.c:481:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.lpc_addr = blocks_to_bytes(mbox_flash, msg_get_u16(msg, 0));
data/skiboot-6.6.2/libflash/mbox-flash.c:482:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = true;
data/skiboot-6.6.2/libflash/mbox-flash.c:494:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = false;
data/skiboot-6.6.2/libflash/mbox-flash.c:502:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = false;
data/skiboot-6.6.2/libflash/mbox-flash.c:509:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = false;
data/skiboot-6.6.2/libflash/mbox-flash.c:677:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = false;
data/skiboot-6.6.2/libflash/mbox-flash.c:790:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = mbox_window_move(mbox_flash, &mbox_flash->read,
data/skiboot-6.6.2/libflash/mbox-flash.c:808:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!is_valid(mbox_flash, &mbox_flash->read))
data/skiboot-6.6.2/libflash/mbox-flash.c:948:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = false;
data/skiboot-6.6.2/libflash/mbox-flash.c:954:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = false;
data/skiboot-6.6.2/libflash/mbox-flash.c:1005:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mbox_flash->read.open = false;
data/skiboot-6.6.2/libflash/test/stubs.c:28:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(ms * 1000);
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:687:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(bl->read(bl, 0, buf, len) == FLASH_ERR_AGAIN);
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:793:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:795:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:936:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:938:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:971:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:989:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1045:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1065:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1098:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1099:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(!bl->read(bl, 0, buf, len));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1129:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, 0, &buf, sizeof(buf));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1169:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, 0, buf, len);
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1775:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, 0, &buf, sizeof(buf));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1777:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = bl->read(bl, 0, &buf, sizeof(buf));
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:1876:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(bl->read(bl, 0, buf, len) > 0);
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:2277:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(bl->read(bl, 0, buf, len) > 0);
data/skiboot-6.6.2/libflash/test/test-ipmi-hiomap.c:2325:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(bl->read(bl, 0, buf, len) > 0);
data/skiboot-6.6.2/libpore/sbe_xip_image.c:76:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strlen(s) hvstrlen(s)
data/skiboot-6.6.2/libpore/sbe_xip_image.c:1813:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actualSize = 8 + (((strlen(halt->iv_string) + 4) / 4) * 4);
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2089:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dest) < strlen(i_data)) {
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2089:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dest) < strlen(i_data)) {
data/skiboot-6.6.2/libpore/sbe_xip_image.c:2090:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(dest, i_data, strlen(dest));
data/skiboot-6.6.2/libstb/container-utils.c:32:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pad = (((strlen(prelead) + strlen(lead)) % 2) == 0) ? "" : " ";
data/skiboot-6.6.2/libstb/container-utils.c:32:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pad = (((strlen(prelead) + strlen(lead)) % 2) == 0) ? "" : " ";
data/skiboot-6.6.2/libstb/container-utils.c:78:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(multiplier, "+"); // unlimited
data/skiboot-6.6.2/libstb/container-utils.c:112:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(multiplier, "+"); // unlimited
data/skiboot-6.6.2/libstb/create-container.c:618:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) &swh->reserved, params.label, 8);
data/skiboot-6.6.2/libstb/create-container.c:707:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fdin, buf, payload_st.st_size % 4096);
data/skiboot-6.6.2/libstb/create-container.c:711:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fdin, buf, 4096);
data/skiboot-6.6.2/libstb/print-container.c:64:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int leadbytes = strlen(lead);
data/skiboot-6.6.2/libstb/print-container.c:508:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fdin, buf, s.st_size);
data/skiboot-6.6.2/libstb/secvar/test/secvar_common_test.c:19:9: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
#define memalign(a, b) malloc(b)
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:495:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eventLog.event.eventSize = strlen(i_logMsg);
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:498:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(i_logMsg) > MAX_TPM_LOG_MSG ?
data/skiboot-6.6.2/libstb/tss/tpmLogMgr.C:500:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: strlen(i_logMsg)) );
data/skiboot-6.6.2/platforms/ibm-fsp/firenze-pci.c:1026:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(blcode);
data/skiboot-6.6.2/platforms/ibm-fsp/hostservices.c:348:9: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
abuf = memalign(0x1000, PSI_DMA_HBRT_LOG_WRITE_BUF_SZ);
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:169:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(dst) - 1; i >= 0; i--) {
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:358:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_loc_code_len = strlen(phb->base_loc_code);
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:359:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slot_label_len = strlen(s->label);
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:365:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(loc_code, "-");
data/skiboot-6.6.2/platforms/ibm-fsp/lxvpd.c:368:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loc_code, strlen(loc_code) + 1);
data/skiboot-6.6.2/platforms/mambo/mambo.c:216:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callthru_tcl(tcl_cmd, strlen(tcl_cmd));
ANALYSIS SUMMARY:
Hits = 1033
Lines analyzed = 191667 in approximately 4.21 seconds (45494 lines/second)
Physical Source Lines of Code (SLOC) = 128766
Hits@level = [0] 961 [1] 311 [2] 566 [3] 17 [4] 137 [5] 2
Hits@level+ = [0+] 1994 [1+] 1033 [2+] 722 [3+] 156 [4+] 139 [5+] 2
Hits/KSLOC@level+ = [0+] 15.4855 [1+] 8.0223 [2+] 5.60707 [3+] 1.2115 [4+] 1.07948 [5+] 0.0155321
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.