Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/stressapptest-1.0.6/src/finelock_queue.cc Examining data/stressapptest-1.0.6/src/finelock_queue.h Examining data/stressapptest-1.0.6/src/adler32memcpy.cc Examining data/stressapptest-1.0.6/src/os_factory.cc Examining data/stressapptest-1.0.6/src/worker.cc Examining data/stressapptest-1.0.6/src/adler32memcpy.h Examining data/stressapptest-1.0.6/src/stressapptest_config_android.h Examining data/stressapptest-1.0.6/src/worker.h Examining data/stressapptest-1.0.6/src/pattern.cc Examining data/stressapptest-1.0.6/src/error_diag.cc Examining data/stressapptest-1.0.6/src/sat_factory.cc Examining data/stressapptest-1.0.6/src/sattypes.h Examining data/stressapptest-1.0.6/src/logger.cc Examining data/stressapptest-1.0.6/src/error_diag.h Examining data/stressapptest-1.0.6/src/pattern.h Examining data/stressapptest-1.0.6/src/os.cc Examining data/stressapptest-1.0.6/src/logger.h Examining data/stressapptest-1.0.6/src/os.h Examining data/stressapptest-1.0.6/src/main.cc Examining data/stressapptest-1.0.6/src/queue.cc Examining data/stressapptest-1.0.6/src/queue.h Examining data/stressapptest-1.0.6/src/sat.cc Examining data/stressapptest-1.0.6/src/disk_blocks.cc Examining data/stressapptest-1.0.6/src/disk_blocks.h Examining data/stressapptest-1.0.6/src/sat.h FINAL RESULTS: data/stressapptest-1.0.6/src/logger.cc:40:16: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int length = vsnprintf(buffer, sizeof buffer, format, args); data/stressapptest-1.0.6/src/sat.cc:125:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #error Build system regression - COPTS disregarded. data/stressapptest-1.0.6/src/disk_blocks.cc:52:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int64 x = random(); data/stressapptest-1.0.6/src/disk_blocks.cc:53:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x = (x << 30) ^ random(); data/stressapptest-1.0.6/src/disk_blocks.cc:54:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x = (x << 30) ^ random(); data/stressapptest-1.0.6/src/pattern.cc:406:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. unsigned int target = random(); data/stressapptest-1.0.6/src/queue.cc:82:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint64 rand = random(); data/stressapptest-1.0.6/src/worker.cc:1512:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int offset = random() % sat_->page_length(); data/stressapptest-1.0.6/src/worker.cc:3102:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. current_blocks = (random() % blocks) + 1; data/stressapptest-1.0.6/src/worker.cc:3158:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/stressapptest-1.0.6/src/worker.cc:3361:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. offset = random() % (sat_->page_length() / wordsize_); data/stressapptest-1.0.6/src/worker.cc:3374:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. offset = random() % (sat_->page_length() / wordsize_); data/stressapptest-1.0.6/src/adler32memcpy.cc:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/stressapptest-1.0.6/src/error_diag.cc:205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimm_string[256] = ""; data/stressapptest-1.0.6/src/finelock_queue.cc:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/logger.cc:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/stressapptest-1.0.6/src/os.cc:134:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(kPagemapPath, O_RDONLY); data/stressapptest-1.0.6/src/os.cc:220:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int dcfile = open(drop_caches_file, O_WRONLY); data/stressapptest-1.0.6/src/os.cc:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[65] = "0"; data/stressapptest-1.0.6/src/os.cc:357:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int hpfile = open(hugepages_info_file, O_RDONLY); data/stressapptest-1.0.6/src/os.cc:580:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location_message[256] = ""; data/stressapptest-1.0.6/src/os.cc:582:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(location_message, "mapped as needed"); data/stressapptest-1.0.6/src/os.cc:584:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(location_message, "at %p", shmaddr); data/stressapptest-1.0.6/src/os.cc:695:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev_file[256]; data/stressapptest-1.0.6/src/os.cc:700:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(dev_file, O_RDWR); data/stressapptest-1.0.6/src/os.cc:792:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/os.cc:794:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(buf, O_RDWR); data/stressapptest-1.0.6/src/os.cc:916:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/stressapptest-1.0.6/src/os.cc:917:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/os.cc:920:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY); data/stressapptest-1.0.6/src/os.cc:930:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/stressapptest-1.0.6/src/os.cc:931:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/os.cc:939:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "r"); data/stressapptest-1.0.6/src/pattern.h:39:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char weight[4]; // Weighted frequency of this pattern. data/stressapptest-1.0.6/src/sat.cc:79:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile_ = open(logfilename_, data/stressapptest-1.0.6/src/sat.cc:496:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/sat.h:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logfilename_[255]; // Name of file to log to. data/stressapptest-1.0.6/src/sattypes.h:178:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/worker.cc:340:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/worker.cc:356:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/worker.cc:591:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimm_string[256] = ""; data/stressapptest-1.0.6/src/worker.cc:651:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimm_string[256] = ""; data/stressapptest-1.0.6/src/worker.cc:957:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimm_string[256] = ""; data/stressapptest-1.0.6/src/worker.cc:958:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_dimm_string[256] = ""; data/stressapptest-1.0.6/src/worker.cc:1243:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sourcemem, targetmem, blocksize); data/stressapptest-1.0.6/src/worker.cc:1387:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sourcemem, targetmem, blocksize); data/stressapptest-1.0.6/src/worker.cc:1523:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst.addr, src.addr, sat_->page_length()); data/stressapptest-1.0.6/src/worker.cc:1615:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(filename_.c_str(), flags | O_DIRECT, 0644); data/stressapptest-1.0.6/src/worker.cc:1618:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename_.c_str(), flags, 0644); // Try without O_DIRECT data/stressapptest-1.0.6/src/worker.cc:2080:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/worker.cc:2136:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256] = ""; data/stressapptest-1.0.6/src/worker.cc:2169:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256] = ""; data/stressapptest-1.0.6/src/worker.cc:2712:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(device_name_.c_str(), flags | O_DIRECT, 0); data/stressapptest-1.0.6/src/worker.cc:2715:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(device_name_.c_str(), flags, 0); // Try without O_DIRECT data/stressapptest-1.0.6/src/worker.cc:2935:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/worker.cc:2976:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/stressapptest-1.0.6/src/worker.cc:3042:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block_buffer_, pe.addr, block->GetSize()); data/stressapptest-1.0.6/src/worker.h:275:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cpu_mask_, mask, sizeof(*mask)); data/stressapptest-1.0.6/src/worker.h:484:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[512-4]; data/stressapptest-1.0.6/src/worker.h:511:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipaddr_[256]; data/stressapptest-1.0.6/src/os.cc:139:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (lseek64(fd, off, SEEK_SET) != off || read(fd, &frame, 8) != 8) { data/stressapptest-1.0.6/src/os.cc:359:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t bytes_read = read(hpfile, buf, 64); data/stressapptest-1.0.6/src/os.cc:595:30: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. buf = static_cast<char*>(memalign(4096, length)); data/stressapptest-1.0.6/src/os.cc:731:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &datacast, size) != static_cast<ssize_t>(size)) { data/stressapptest-1.0.6/src/os.cc:814:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool res = (sizeof(*data) == read(fd, data, sizeof(*data))); data/stressapptest-1.0.6/src/os.cc:923:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, buf, 256); data/stressapptest-1.0.6/src/sat.cc:1356:34: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. num = reinterpret_cast<int*>(memalign(kCacheLineSize, data/stressapptest-1.0.6/src/worker.cc:117:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, errmsg, len); data/stressapptest-1.0.6/src/worker.cc:1706:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int64 size = read(fd, dst->addr, page_length); data/stressapptest-1.0.6/src/worker.cc:1828:19: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. local_page_ = memalign(512, sat_->page_length()); data/stressapptest-1.0.6/src/worker.cc:2021:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ipaddr_, ipaddr_init, 256); data/stressapptest-1.0.6/src/worker.cc:2400:16: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. local_page = memalign(512, sat_->page_length()); data/stressapptest-1.0.6/src/worker.cc:3171:19: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. block_buffer_ = memalign(kBufferAlignment, sat_->page_length()); ANALYSIS SUMMARY: Hits = 73 Lines analyzed = 11323 in approximately 0.27 seconds (42143 lines/second) Physical Source Lines of Code (SLOC) = 7505 Hits@level = [0] 22 [1] 13 [2] 48 [3] 10 [4] 2 [5] 0 Hits@level+ = [0+] 95 [1+] 73 [2+] 60 [3+] 12 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 12.6582 [1+] 9.72685 [2+] 7.99467 [3+] 1.59893 [4+] 0.266489 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.