Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/common.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fel-remotefunc-spi-data-transfer.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fel-remotefunc-spi-data-transfer.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fel-spiflash.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fel-spiflash.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fel_lib.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fel_lib.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/include/list.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/include/portable_endian.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/include/types.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/jtag-loop.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/meminfo.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/nand-common.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-a10.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-a20.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-main.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/pio.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/progress.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/progress.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script_extractor.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script_fex.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script_fex.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script_uboot.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/script_uboot.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/soc_info.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/soc_info.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/thunks/clrsetbits.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/thunks/fel-to-spl-thunk.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/thunks/memcpy.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/thunks/readl_writel.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/thunks/rmr-thunk.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/thunks/sid_read_root.h
Examining data/sunxi-tools-1.4.2+git20181114.6d598a/uart0-helloworld-sdboot.c
FINAL RESULTS:
data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c:174:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/sunxi-tools-1.4.2+git20181114.6d598a/common.h:43:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define pr_error(...) fprintf(stderr, __VA_ARGS__)
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:40:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
do { if (verbose) printf(__VA_ARGS__); } while (0);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:221:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)mbr->array[i+partoffset].name, names[i]);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:296:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(argv[i], "%s %d %d", names[i], &lens[i], &user_types[i]) < 2) {
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:47:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(outname, l, dest, part);
data/sunxi-tools-1.4.2+git20181114.6d598a/script_uboot.c:54:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out, fmt, key, val->value);
data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c:69:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, " = %s", c);
data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c:78:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "port:P%c%02" PRId64 "%s", 'A' + (int)(num >> 5), num & 0x1F, c);
data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c:119:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(p, hex ? "0x%" PRIx64 : "%" PRId64, num);
data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c:127:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "\"%s\"", c);
data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.c:267:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, opt_string)) != -1) {
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c:1049:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "c:p:o:u:e:ba:sh",
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:101:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "vqso:p:?")) != -1) {
data/sunxi-tools-1.4.2+git20181114.6d598a/pio.c:352:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "i:o:m")) != -1) {
data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prvt_head_vsn[4];
data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char script_buf[32768];
data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c:361:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(argv[1], "rb");
data/sunxi-tools-1.4.2+git20181114.6d598a/fel-spiflash.c:357:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmdbuf + cmd_idx, buf8, write_count);
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:176:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *out = fopen(name, "wb");
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:195:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(name, "rb");
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:224:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[size];
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:233:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[size];
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:241:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[size];
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:320:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_buf, entry_code, sizeof(entry_code));
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:328:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_buf + idx, arm_code, arm_code_size);
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header_signature[9] = { 0 };
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:830:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thunk_buf, fel_to_spl_thunk, sizeof(fel_to_spl_thunk));
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:831:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thunk_buf + sizeof(fel_to_spl_thunk) / sizeof(uint32_t),
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:833:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thunk_buf + sizeof(fel_to_spl_thunk) / sizeof(uint32_t) + 1,
data/sunxi-tools-1.4.2+git20181114.6d598a/fel.c:1122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[36];
data/sunxi-tools-1.4.2+git20181114.6d598a/fel_lib.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8];
data/sunxi-tools-1.4.2+git20181114.6d598a/fel_lib.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[10];
data/sunxi-tools-1.4.2+git20181114.6d598a/fel_lib.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[13];
data/sunxi-tools-1.4.2+git20181114.6d598a/fel_lib.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.c:97:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((in = fopen(filename, "r")) == NULL) {
data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.c:113:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((in = open(filename, O_RDONLY)) < 0) {
data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.c:174:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((out = fopen(filename, "w")) == NULL) {
data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.c:188:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((out = open(filename, O_WRONLY|O_CREAT|O_TRUNC, 0666)) < 0) {
data/sunxi-tools-1.4.2+git20181114.6d598a/meminfo.c:760:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
devmem_fd = open(DEVMEM_FILE, O_RDWR);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c:199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pad, src, BCH_ECC_BYTES(bch)-4*nwords);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c:222:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, pad, BCH_ECC_BYTES(bch)-4*nwords);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c:299:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bch->ecc_buf, r, sizeof(r));
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c:886:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
src = fopen(info->source, "r");
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c:893:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dst = fopen(info->dest, "w");
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-image-builder.c:899:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rnd = fopen("/dev/urandom", "r");
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-a20.h:60:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char classname[16]; //次设备名
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-a20.h:61:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[16]; //主设备名
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-a20.h:65:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[68]; //保留数据,匹配分区信息128字节
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-a20.h:72:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[8]; //"softw411"
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-a20.h:78:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[MBR_RESERVED];
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part-main.c:103:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(nand, O_RDWR);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:198:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
backup = fopen("nand_mbr.backup", "w");
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:222:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)mbr->array[i+partoffset].classname, "DISK");
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char names[MAX_PART_COUNT][MAX_NAME];
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[16]; /* "PHOENIX_CARD_IMG" */
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:31:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[8];
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[l];
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:56:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(outname, "wb");
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:116:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
part = atoi(optarg);
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:144:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(argv[optind], "rb");
data/sunxi-tools-1.4.2+git20181114.6d598a/pio.c:193:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*pin = atoi(name);
data/sunxi-tools-1.4.2+git20181114.6d598a/pio.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_[PIO_REG_SIZE];
data/sunxi-tools-1.4.2+git20181114.6d598a/pio.c:375:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/mem",O_RDWR);
data/sunxi-tools-1.4.2+git20181114.6d598a/pio.c:395:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(in_name, "rb");
data/sunxi-tools-1.4.2+git20181114.6d598a/pio.c:419:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(out_name, "wb");
data/sunxi-tools-1.4.2+git20181114.6d598a/progress.c:50:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[6] = "";
data/sunxi-tools-1.4.2+git20181114.6d598a/script.c:67:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(section->name, name, l);
data/sunxi-tools-1.4.2+git20181114.6d598a/script.c:129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->name, name, l);
data/sunxi-tools-1.4.2+git20181114.6d598a/script.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->string, s, l);
data/sunxi-tools-1.4.2+git20181114.6d598a/script.c:228:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *name,
data/sunxi-tools-1.4.2+git20181114.6d598a/script.h:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/sunxi-tools-1.4.2+git20181114.6d598a/script.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/sunxi-tools-1.4.2+git20181114.6d598a/script.h:113:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *name,
data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.c:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(section->name, s->name, strlen(s->name));
data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.c:144:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->name, e->name, strlen(e->name));
data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.c:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, string->string, size);
data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.h:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/sunxi-tools-1.4.2+git20181114.6d598a/script_extractor.c:34:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/mem", O_RDONLY);
data/sunxi-tools-1.4.2+git20181114.6d598a/script_fex.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_LINE+1];
data/sunxi-tools-1.4.2+git20181114.6d598a/soc_info.h:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8];
data/sunxi-tools-1.4.2+git20181114.6d598a/soc_info.h:40:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char soc_name_t[8];
data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c:43:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(argv[1], "r");
data/sunxi-tools-1.4.2+git20181114.6d598a/tests/unify-fex.c:90:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
c += sprintf(c, "<default>");
data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c:373:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp((char *)boot_hdr.boot.magic, BOOT0_MAGIC, strlen(BOOT0_MAGIC)) == 0) {
data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c:375:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp((char *)boot_hdr.boot.magic, BOOT1_MAGIC, strlen(BOOT1_MAGIC)) == 0) {
data/sunxi-tools-1.4.2+git20181114.6d598a/bootinfo.c:377:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp((char *)boot_hdr.boot.magic, BROM_MAGIC, strlen(BROM_MAGIC)) == 0) {
data/sunxi-tools-1.4.2+git20181114.6d598a/fel_lib.c:809:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entry->soc_name, dev->soc_name, sizeof(soc_name_t));
data/sunxi-tools-1.4.2+git20181114.6d598a/fexc.c:52:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rc = read(fd, p, buf_size-count);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:87:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(fd,mbr,MBR_SIZE) == MBR_SIZE)
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:93:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)mbr->magic, MBR_MAGIC, 8);
data/sunxi-tools-1.4.2+git20181114.6d598a/nand-part.c:240:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(0, &yn, 1);
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:42:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(dest) + 16;
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:131:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (t[strlen(t)-1] == '/' || !part) {
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:132:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(t) + strlen("/%d.img") + 1;
data/sunxi-tools-1.4.2+git20181114.6d598a/phoenix_info.c:132:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(t) + strlen("/%d.img") + 1;
data/sunxi-tools-1.4.2+git20181114.6d598a/script.c:64:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(name);
data/sunxi-tools-1.4.2+git20181114.6d598a/script.c:126:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(name);
data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.c:135:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(section->name, s->name, strlen(s->name));
data/sunxi-tools-1.4.2+git20181114.6d598a/script_bin.c:144:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(entry->name, e->name, strlen(e->name));
data/sunxi-tools-1.4.2+git20181114.6d598a/script_fex.c:44:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(s);
data/sunxi-tools-1.4.2+git20181114.6d598a/soc_info.c:294:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, soc->name, sizeof(soc_name_t) - 1);
ANALYSIS SUMMARY:
Hits = 104
Lines analyzed = 10470 in approximately 0.35 seconds (30225 lines/second)
Physical Source Lines of Code (SLOC) = 7607
Hits@level = [0] 246 [1] 18 [2] 71 [3] 4 [4] 11 [5] 0
Hits@level+ = [0+] 350 [1+] 104 [2+] 86 [3+] 15 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 46.0103 [1+] 13.6716 [2+] 11.3054 [3+] 1.97187 [4+] 1.44604 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.