Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/thermald-2.3/test/thermald_test_kern_module.c
Examining data/thermald-2.3/tools/thermal_monitor/main.cpp
Examining data/thermald-2.3/tools/thermal_monitor/thermaldinterface.cpp
Examining data/thermald-2.3/tools/thermal_monitor/sensorsdialog.cpp
Examining data/thermald-2.3/tools/thermal_monitor/pollingdialog.h
Examining data/thermald-2.3/tools/thermal_monitor/logdialog.cpp
Examining data/thermald-2.3/tools/thermal_monitor/logdialog.h
Examining data/thermald-2.3/tools/thermal_monitor/mainwindow.cpp
Examining data/thermald-2.3/tools/thermal_monitor/tripsdialog.h
Examining data/thermald-2.3/tools/thermal_monitor/tripsdialog.cpp
Examining data/thermald-2.3/tools/thermal_monitor/thermaldinterface.h
Examining data/thermald-2.3/tools/thermal_monitor/sensorsdialog.h
Examining data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.h
Examining data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp
Examining data/thermald-2.3/tools/thermal_monitor/pollingdialog.cpp
Examining data/thermald-2.3/tools/thermal_monitor/mainwindow.h
Examining data/thermald-2.3/src/thd_cdev_rapl_dram.h
Examining data/thermald-2.3/src/thd_sensor_kbl_amdgpu_power.cpp
Examining data/thermald-2.3/src/thd_preference.h
Examining data/thermald-2.3/src/thd_cpu_default_binding.cpp
Examining data/thermald-2.3/src/thd_cdev_intel_pstate_driver.cpp
Examining data/thermald-2.3/src/thd_zone_dynamic.h
Examining data/thermald-2.3/src/thd_zone.cpp
Examining data/thermald-2.3/src/thd_cdev_backlight.h
Examining data/thermald-2.3/src/thd_zone_kbl_g_mcp.h
Examining data/thermald-2.3/src/thd_sensor_kbl_g_mcp.h
Examining data/thermald-2.3/src/thd_zone_rapl_power.h
Examining data/thermald-2.3/src/thd_adaptive_types.h
Examining data/thermald-2.3/src/thd_sys_fs.h
Examining data/thermald-2.3/src/thd_cdev_rapl.h
Examining data/thermald-2.3/src/thd_pid.cpp
Examining data/thermald-2.3/src/android_main.cpp
Examining data/thermald-2.3/src/thd_common.h
Examining data/thermald-2.3/src/thd_sensor_kbl_amdgpu_power.h
Examining data/thermald-2.3/src/thd_cdev_order_parser.cpp
Examining data/thermald-2.3/src/thd_cdev_kbl_amdgpu.cpp
Examining data/thermald-2.3/src/thd_sensor_virtual.h
Examining data/thermald-2.3/src/thd_cdev_rapl.cpp
Examining data/thermald-2.3/src/thd_engine_default.cpp
Examining data/thermald-2.3/src/thd_dbus_interface.cpp
Examining data/thermald-2.3/src/thd_sensor_virtual.cpp
Examining data/thermald-2.3/src/thd_cdev_order_parser.h
Examining data/thermald-2.3/src/thd_zone_generic.h
Examining data/thermald-2.3/src/thd_zone.h
Examining data/thermald-2.3/src/thd_trip_point.h
Examining data/thermald-2.3/src/thd_parse.h
Examining data/thermald-2.3/src/thd_cdev.h
Examining data/thermald-2.3/src/thd_cdev_modem.h
Examining data/thermald-2.3/src/acpi_thermal_rel_ioct.h
Examining data/thermald-2.3/src/thermald.h
Examining data/thermald-2.3/src/thd_parse.cpp
Examining data/thermald-2.3/src/thd_cpu_default_binding.h
Examining data/thermald-2.3/src/thd_sys_fs.cpp
Examining data/thermald-2.3/src/thd_cdev.cpp
Examining data/thermald-2.3/src/thd_zone_cpu.h
Examining data/thermald-2.3/src/thd_sensor_kbl_amdgpu_thermal.cpp
Examining data/thermald-2.3/src/thd_zone_kbl_amdgpu.cpp
Examining data/thermald-2.3/src/thd_cdev_cpufreq.cpp
Examining data/thermald-2.3/src/thd_zone_kbl_g_mcp.cpp
Examining data/thermald-2.3/src/thd_sensor_kbl_g_mcp.cpp
Examining data/thermald-2.3/src/thd_sensor_kbl_amdgpu_thermal.h
Examining data/thermald-2.3/src/thd_trt_art_reader.cpp
Examining data/thermald-2.3/src/thd_cdev_rapl_dram.cpp
Examining data/thermald-2.3/src/thd_cdev_cpufreq.h
Examining data/thermald-2.3/src/thd_cdev_gen_sysfs.h
Examining data/thermald-2.3/src/thd_cdev_intel_pstate_driver.h
Examining data/thermald-2.3/src/thd_kobj_uevent.cpp
Examining data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp
Examining data/thermald-2.3/src/thd_rapl_power_meter.cpp
Examining data/thermald-2.3/src/thd_preference.cpp
Examining data/thermald-2.3/src/thd_engine.h
Examining data/thermald-2.3/src/thd_kobj_uevent.h
Examining data/thermald-2.3/src/thd_zone_cpu.cpp
Examining data/thermald-2.3/src/thd_rapl_power_meter.h
Examining data/thermald-2.3/src/thd_engine_default.h
Examining data/thermald-2.3/src/thd_pid.h
Examining data/thermald-2.3/src/thd_zone_kbl_amdgpu.h
Examining data/thermald-2.3/src/thd_cdev_therm_sys_fs.h
Examining data/thermald-2.3/src/thd_cdev_backlight.cpp
Examining data/thermald-2.3/src/thd_zone_therm_sys_fs.h
Examining data/thermald-2.3/src/thd_zone_generic.cpp
Examining data/thermald-2.3/src/thd_cdev_kbl_amdgpu.h
Examining data/thermald-2.3/src/thd_zone_rapl_power.cpp
Examining data/thermald-2.3/src/thd_trt_art_reader.h
Examining data/thermald-2.3/src/thd_zone_dynamic.cpp
Examining data/thermald-2.3/src/thd_sensor_rapl_power.h
Examining data/thermald-2.3/src/thd_sensor_rapl_power.cpp
Examining data/thermald-2.3/src/thd_cdev_therm_sys_fs.cpp
Examining data/thermald-2.3/src/thd_cdev_gen_sysfs.cpp
Examining data/thermald-2.3/src/thd_cdev_modem.cpp
Examining data/thermald-2.3/src/thd_sensor.h
Examining data/thermald-2.3/src/thd_sensor.cpp
Examining data/thermald-2.3/src/thd_trip_point.cpp
Examining data/thermald-2.3/src/thd_engine.cpp
Examining data/thermald-2.3/src/main.cpp
Examining data/thermald-2.3/src/thd_engine_adaptive.cpp
Examining data/thermald-2.3/src/thd_engine_adaptive.h
Examining data/thermald-2.3/src/thd_int3400.cpp
Examining data/thermald-2.3/src/thd_int3400.h
FINAL RESULTS:
data/thermald-2.3/src/thd_sys_fs.cpp:227:14: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int ret = ::readlink(p.c_str(), buf, len);
data/thermald-2.3/src/thd_trt_art_reader.cpp:76:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ret = readlink(name_path.c_str(), buf, sizeof(buf) - 1);
data/thermald-2.3/src/main.cpp:269:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, TD_DIST_VERSION "\n");
data/thermald-2.3/src/thermald.h:89:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define thd_log_fatal printf
data/thermald-2.3/src/thermald.h:90:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define thd_log_error printf
data/thermald-2.3/src/thermald.h:91:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define thd_log_warn printf
data/thermald-2.3/src/thermald.h:92:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define thd_log_msg printf
data/thermald-2.3/src/thermald.h:94:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define thd_log_info printf
data/thermald-2.3/src/android_main.cpp:192:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, short_options, long_options,
data/thermald-2.3/src/acpi_thermal_rel_ioct.h:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_device[8]; /* ACPI single name */
data/thermald-2.3/src/acpi_thermal_rel_ioct.h:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_device[8]; /* ACPI single name */
data/thermald-2.3/src/acpi_thermal_rel_ioct.h:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_device[8]; /* ACPI single name */
data/thermald-2.3/src/acpi_thermal_rel_ioct.h:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_device[8]; /* ACPI single name */
data/thermald-2.3/src/android_main.cpp:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/thermald-2.3/src/android_main.cpp:130:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open("/dev/null", O_RDWR);
data/thermald-2.3/src/android_main.cpp:135:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pid_file_handle = open(pidfile, O_RDWR | O_CREAT, 0600);
data/thermald-2.3/src/android_main.cpp:206:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thd_poll_interval = atoi(optarg);
data/thermald-2.3/src/main.cpp:144:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lock_file_handle = open(lock_file, O_RDWR | O_CREAT, 0600);
data/thermald-2.3/src/thd_cpu_default_binding.cpp:123:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filein.open(filename.str().c_str(), std::ios::in | std::ios::binary);
data/thermald-2.3/src/thd_cpu_default_binding.cpp:150:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filein.open(filename.str().c_str(), std::ios::in | std::ios::binary);
data/thermald-2.3/src/thd_cpu_default_binding.cpp:168:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(filename.str().c_str());
data/thermald-2.3/src/thd_cpu_default_binding.cpp:171:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileout.open(filename.str().c_str(),
data/thermald-2.3/src/thd_cpu_default_binding.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone_name[50 + 1];
data/thermald-2.3/src/thd_engine.cpp:353:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_cap.msg, msg, msg_cap.msg_size);
data/thermald-2.3/src/thd_engine.cpp:408:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return zone->update_max_temperature(atoi(user_set_point));
data/thermald-2.3/src/thd_engine.cpp:429:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return zone->update_psv_temperature(atoi(user_set_point));
data/thermald-2.3/src/thd_engine.cpp:557:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:610:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:788:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:821:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:856:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(entry->d_name + strlen("cooling_device"));
data/thermald-2.3/src/thd_engine.cpp:987:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen("/sys/kernel/realtime", "r")) != NULL) {
data/thermald-2.3/src/thd_engine_adaptive.cpp:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segmentid[ESIFDV_NAME_LEN];
data/thermald-2.3/src/thd_engine_adaptive.cpp:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[ESIFDV_DESC_LEN];
data/thermald-2.3/src/thd_engine_adaptive.cpp:617:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (decompressed, buf, header->headersize);
data/thermald-2.3/src/thd_engine_adaptive.cpp:647:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, buf + offset, keylength);
data/thermald-2.3/src/thd_engine_adaptive.cpp:654:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val, buf + offset, vallength);
data/thermald-2.3/src/thd_engine_adaptive.cpp:732:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ESIFDV_NAME_LEN + 1] = { 0 };
data/thermald-2.3/src/thd_engine_adaptive.cpp:733:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[ESIFDV_DESC_LEN + 1] = { 0 };
data/thermald-2.3/src/thd_engine_adaptive.cpp:1440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[267];
data/thermald-2.3/src/thd_engine_adaptive.cpp:1444:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, O_RDONLY);
data/thermald-2.3/src/thd_engine_default.cpp:435:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(entry->d_name + strlen("coretemp.")));
data/thermald-2.3/src/thd_engine_default.cpp:881:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
map_fd = open("/dev/mem", O_RDWR, 0);
data/thermald-2.3/src/thd_kobj_uevent.cpp:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[max_buffer_size];
data/thermald-2.3/src/thd_kobj_uevent.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_path[max_buffer_size];
data/thermald-2.3/src/thd_parse.cpp:170:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trip_cdev->influence = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:173:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trip_cdev->sampling_period = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:176:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trip_cdev->target_state = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:215:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trip_pt->temperature = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:218:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trip_pt->temperature = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:220:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trip_pt->hyst = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:363:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cdev->index = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:373:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cdev->min_state = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:376:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cdev->max_state = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:380:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cdev->inc_dec_step = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:383:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cdev->read_back = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:387:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cdev->debounce_interval = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:396:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(tmp_value))
data/thermald-2.3/src/thd_parse.cpp:504:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info_ptr->async_capable = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:507:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info_ptr->virtual_sensor = atoi(tmp_value);
data/thermald-2.3/src/thd_parse.cpp:594:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info_ptr->polling_interval = atoi(tmp_value);
data/thermald-2.3/src/thd_rapl_power_meter.cpp:271:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const_0_val = atoi(_buffer.c_str());
data/thermald-2.3/src/thd_rapl_power_meter.cpp:276:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const_1_val = atoi(_buffer.c_str());
data/thermald-2.3/src/thd_sys_fs.cpp:31:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(p.c_str(), O_WRONLY);
data/thermald-2.3/src/thd_sys_fs.cpp:49:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(p.c_str(), O_WRONLY);
data/thermald-2.3/src/thd_sys_fs.cpp:75:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(p.c_str(), O_RDONLY);
data/thermald-2.3/src/thd_sys_fs.cpp:99:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(p.c_str(), O_RDONLY);
data/thermald-2.3/src/thd_sys_fs.cpp:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[16];
data/thermald-2.3/src/thd_sys_fs.cpp:122:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(p.c_str(), O_RDONLY);
data/thermald-2.3/src/thd_sys_fs.cpp:129:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*ptr_val = atoi(str);
data/thermald-2.3/src/thd_sys_fs.cpp:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/thermald-2.3/src/thd_sys_fs.cpp:142:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(p.c_str(), O_RDONLY);
data/thermald-2.3/src/thd_sys_fs.cpp:149:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*ptr_val = atol(str);
data/thermald-2.3/src/thd_sys_fs.cpp:202:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = ::open(base_path.c_str(), O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU);
data/thermald-2.3/src/thd_trip_point.cpp:84:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
depend_cdev_state = atoi(state_str.substr(state_index).c_str());
data/thermald-2.3/src/thd_trip_point.cpp:341:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&thd_cdev.pid_param, pid_param, sizeof(pid_param_t));
data/thermald-2.3/src/thd_trt_art_reader.cpp:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/thermald-2.3/src/thd_trt_art_reader.cpp:175:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
conf_file.open(file_name.c_str());
data/thermald-2.3/src/thd_trt_art_reader.cpp:210:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(rel_cdev.c_str(), O_RDWR);
data/thermald-2.3/src/thd_trt_art_reader.cpp:257:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(rel_cdev.c_str(), O_RDWR);
data/thermald-2.3/src/thd_trt_art_reader.cpp:469:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[51], *ptr;
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:181:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(ptr), cthd_trip_point::default_influence);
data/thermald-2.3/test/thermald_test_kern_module.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/thermald-2.3/test/thermald_test_kern_module.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/thermald-2.3/test/thermald_test_kern_module.c:170:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(buf, "%d\n", sensor_temp);
data/thermald-2.3/test/thermald_test_kern_module.c:185:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(buf, "%d\n", control_state);
data/thermald-2.3/tools/thermal_monitor/mainwindow.cpp:401:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!logging_file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:19556:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pixels.at(y), pixels.first(), n*sizeof(QRgb));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:24681:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mData, other.mData, sizeof(mData[0])*keySize*valueSize);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:24683:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mAlpha, other.mAlpha, sizeof(mAlpha[0])*keySize*valueSize);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:25778:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(0),
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:25788:55: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QCPFinancialData::QCPFinancialData(double key, double open, double high, double low, double close) :
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:25790:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(open),
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:25790:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(open),
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:25921:80: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QCPFinancial::setData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted)
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:25924:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
addData(keys, open, high, low, close, alreadySorted);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26042:80: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QCPFinancial::addData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted)
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26044:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (keys.size() != open.size() || open.size() != high.size() || high.size() != low.size() || low.size() != close.size() || close.size() != keys.size())
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26044:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (keys.size() != open.size() || open.size() != high.size() || high.size() != low.size() || low.size() != close.size() || close.size() != keys.size())
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26045:103: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qDebug() << Q_FUNC_INFO << "keys, open, high, low, close have different sizes:" << keys.size() << open.size() << high.size() << low.size() << close.size();
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26046:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int n = qMin(keys.size(), qMin(open.size(), qMin(high.size(), qMin(low.size(), close.size()))));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26054:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
it->open = open[i];
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26074:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QCPFinancial::addData(double key, double open, double high, double low, double close)
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26076:45: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mDataContainer->add(QCPFinancialData(key, open, high, low, close));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26324:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26328:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double openPixel = valueAxis->coordToPixel(it->open);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26345:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26349:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double openPixel = valueAxis->coordToPixel(it->open);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26384:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26385:44: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->setBrush(it->close >= it->open ? mBrushPositive : mBrushNegative);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26392:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double openPixel = valueAxis->coordToPixel(it->open);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26395:130: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->drawLine(QPointF(keyPixel, valueAxis->coordToPixel(it->high)), QPointF(keyPixel, valueAxis->coordToPixel(qMax(it->open, it->close))));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26397:129: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->drawLine(QPointF(keyPixel, valueAxis->coordToPixel(it->low)), QPointF(keyPixel, valueAxis->coordToPixel(qMin(it->open, it->close))));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26412:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->setPen(it->close >= it->open ? mPenPositive : mPenNegative);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26413:44: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->setBrush(it->close >= it->open ? mBrushPositive : mBrushNegative);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26420:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double openPixel = valueAxis->coordToPixel(it->open);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26423:120: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->drawLine(QPointF(valueAxis->coordToPixel(it->high), keyPixel), QPointF(valueAxis->coordToPixel(qMax(it->open, it->close)), keyPixel));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26425:119: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
painter->drawLine(QPointF(valueAxis->coordToPixel(it->low), keyPixel), QPointF(valueAxis->coordToPixel(qMin(it->open, it->close)), keyPixel));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26550:45: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QCPRange boxValueRange(it->close, it->open);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26560:186: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double highLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(keyPixel, valueAxis->coordToPixel(it->high)), QCPVector2D(keyPixel, valueAxis->coordToPixel(qMax(it->open, it->close))));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26561:184: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double lowLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(keyPixel, valueAxis->coordToPixel(it->low)), QCPVector2D(keyPixel, valueAxis->coordToPixel(qMin(it->open, it->close))));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26577:45: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QCPRange boxValueRange(it->close, it->open);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26587:176: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double highLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(valueAxis->coordToPixel(it->high), keyPixel), QCPVector2D(valueAxis->coordToPixel(qMax(it->open, it->close)), keyPixel));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.cpp:26588:174: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double lowLineDistSqr = QCPVector2D(pos).distanceSquaredToLine(QCPVector2D(valueAxis->coordToPixel(it->low), keyPixel), QCPVector2D(valueAxis->coordToPixel(qMin(it->open, it->close)), keyPixel));
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.h:5786:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QCPFinancialData(double key, double open, double high, double low, double close);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.h:5793:44: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inline double mainValue() const { return open; }
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.h:5797:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double key, open, high, low, close;
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.h:5865:68: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void setData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted=false);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.h:5876:68: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void addData(const QVector<double> &keys, const QVector<double> &open, const QVector<double> &high, const QVector<double> &low, const QVector<double> &close, bool alreadySorted=false);
data/thermald-2.3/tools/thermal_monitor/qcustomplot/qcustomplot.h:5877:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void addData(double key, double open, double high, double low, double close);
data/thermald-2.3/src/android_main.cpp:119:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(027);
data/thermald-2.3/src/android_main.cpp:153:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(pid_file_handle, str, strlen(str));
data/thermald-2.3/src/thd_cdev_backlight.cpp:52:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = cdev_sysfs.read("max_brightness", temp_str);
data/thermald-2.3/src/thd_cdev_backlight.cpp:112:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = cdev_sysfs.read("brightness", temp_str);
data/thermald-2.3/src/thd_cdev_cpufreq.cpp:38:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read("present", count_str);
data/thermald-2.3/src/thd_cdev_cpufreq.cpp:99:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(str.str(), freq_str);
data/thermald-2.3/src/thd_cdev_cpufreq.cpp:112:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(str.str(), freq_str);
data/thermald-2.3/src/thd_cdev_gen_sysfs.cpp:30:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read("", state_str);
data/thermald-2.3/src/thd_cdev_intel_pstate_driver.cpp:106:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = cdev_sysfs.read(status_attr.str(), status_str);
data/thermald-2.3/src/thd_cdev_intel_pstate_driver.cpp:116:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(tc_state_dev.str(), state_str);
data/thermald-2.3/src/thd_cdev_kbl_amdgpu.cpp:66:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = cdev_sysfs.read("power1_average", &state);
data/thermald-2.3/src/thd_cdev_kbl_amdgpu.cpp:109:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = cdev_sysfs.read("power1_cap_min", &max_state);
data/thermald-2.3/src/thd_cdev_kbl_amdgpu.cpp:122:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = cdev_sysfs.read("power1_cap_max", &min_state);
data/thermald-2.3/src/thd_cdev_modem.cpp:48:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(property) != strlen(property_name)
data/thermald-2.3/src/thd_cdev_modem.cpp:48:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(property) != strlen(property_name)
data/thermald-2.3/src/thd_cdev_modem.cpp:189:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(property) != strlen(property_name)
data/thermald-2.3/src/thd_cdev_modem.cpp:189:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(property) != strlen(property_name)
data/thermald-2.3/src/thd_cdev_rapl.cpp:139:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(temp_str.str(), type_str);
data/thermald-2.3/src/thd_cdev_rapl.cpp:180:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cdev_sysfs.read(temp_power_str.str(), ¤t_pl1_max) > 0) {
data/thermald-2.3/src/thd_cdev_rapl.cpp:193:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cdev_sysfs.read(temp_power_str.str(), ¤t_pl1) > 0) {
data/thermald-2.3/src/thd_cdev_rapl.cpp:244:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cdev_sysfs.read(temp_time_str.str(), &tm_window) > 0) {
data/thermald-2.3/src/thd_cdev_rapl.cpp:288:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cdev_sysfs.read(temp_str.str(), &enable) > 0) {
data/thermald-2.3/src/thd_cdev_rapl.cpp:470:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sys_fs.read("power_limit_0_max_uw", &pl0_max_pwr) <= 0)
data/thermald-2.3/src/thd_cdev_rapl.cpp:475:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sys_fs.read("power_limit_0_min_uw", &pl0_min_pwr) <= 0)
data/thermald-2.3/src/thd_cdev_rapl.cpp:480:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sys_fs.read("power_limit_0_tmin_us", &pl0_min_window) <= 0)
data/thermald-2.3/src/thd_cdev_rapl.cpp:485:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sys_fs.read("power_limit_0_tmax_us", &pl0_max_window) <= 0)
data/thermald-2.3/src/thd_cdev_rapl.cpp:490:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sys_fs.read("power_limit_0_step_uw", &pl0_step_pwr) <= 0)
data/thermald-2.3/src/thd_cdev_rapl_dram.cpp:49:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (name_sysfs.read("", name) < 0) {
data/thermald-2.3/src/thd_cdev_therm_sys_fs.cpp:39:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(tc_state_dev.str(), state_str);
data/thermald-2.3/src/thd_cdev_therm_sys_fs.cpp:48:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(tc_max_state_dev.str(), state_str);
data/thermald-2.3/src/thd_cdev_therm_sys_fs.cpp:56:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(tc_type_dev.str(), type_str);
data/thermald-2.3/src/thd_cdev_therm_sys_fs.cpp:78:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(tc_state_dev.str(), state_str);
data/thermald-2.3/src/thd_cdev_therm_sys_fs.cpp:109:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdev_sysfs.read(tc_state_dev.str(), state_str);
data/thermald-2.3/src/thd_cpu_default_binding.cpp:128:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
filein.read((char *) stat, sizeof(*stat));
data/thermald-2.3/src/thd_cpu_default_binding.cpp:154:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
filein.read((char *) &obj, sizeof(obj));
data/thermald-2.3/src/thd_cpu_default_binding.cpp:183:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(obj.zone_name, zone_name.c_str(), 50);
data/thermald-2.3/src/thd_dbus_interface.cpp:182:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pref_str, value_out, MAX_DBUS_REPLY_STR_LEN);
data/thermald-2.3/src/thd_dbus_interface.cpp:317:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sensor_str, sensor->get_sensor_type().c_str(),
data/thermald-2.3/src/thd_dbus_interface.cpp:320:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path_str, sensor->get_sensor_path().c_str(),
data/thermald-2.3/src/thd_dbus_interface.cpp:361:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zone_str, zone->get_zone_type().c_str(),
data/thermald-2.3/src/thd_dbus_interface.cpp:391:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sensor_str, sensor->get_sensor_type().c_str(),
data/thermald-2.3/src/thd_dbus_interface.cpp:457:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cdev_str, cdev->get_cdev_type().c_str(),
data/thermald-2.3/src/thd_dbus_interface.cpp:541:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(path) >= strlen("/etc")) && !strncmp(path, "/etc",
data/thermald-2.3/src/thd_dbus_interface.cpp:541:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(path) >= strlen("/etc")) && !strncmp(path, "/etc",
data/thermald-2.3/src/thd_dbus_interface.cpp:542:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("/etc")))
data/thermald-2.3/src/thd_dbus_interface.cpp:559:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(path) >= strlen("/etc")) && !strncmp(path, "/etc",
data/thermald-2.3/src/thd_dbus_interface.cpp:559:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(path) >= strlen("/etc")) && !strncmp(path, "/etc",
data/thermald-2.3/src/thd_dbus_interface.cpp:560:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("/etc")))
data/thermald-2.3/src/thd_engine.cpp:146:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int result = read(poll_fds[wakeup_fd].fd, &msg,
data/thermald-2.3/src/thd_engine.cpp:554:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("thermal_zone"))) {
data/thermald-2.3/src/thd_engine.cpp:557:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:568:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = sysfs.read(policy.str(), curr_policy);
data/thermald-2.3/src/thd_engine.cpp:576:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sysfs.read(type.str(), thermal_type);
data/thermald-2.3/src/thd_engine.cpp:607:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("thermal_zone"))) {
data/thermald-2.3/src/thd_engine.cpp:610:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:622:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sysfs.read(type.str(), thermal_type);
data/thermald-2.3/src/thd_engine.cpp:786:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("thermal_zone"))) {
data/thermald-2.3/src/thd_engine.cpp:788:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:819:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("thermal_zone"))) {
data/thermald-2.3/src/thd_engine.cpp:821:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = atoi(entry->d_name + strlen("thermal_zone"));
data/thermald-2.3/src/thd_engine.cpp:854:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("cooling_device"))) {
data/thermald-2.3/src/thd_engine.cpp:856:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = atoi(entry->d_name + strlen("cooling_device"));
data/thermald-2.3/src/thd_engine_adaptive.cpp:740:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, header->v2.segmentid, sizeof(name) - 1);
data/thermald-2.3/src/thd_engine_adaptive.cpp:741:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(comment, header->v2.comment, sizeof(comment) - 1);
data/thermald-2.3/src/thd_engine_adaptive.cpp:925:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sysfs.read(filename, data) < 0) {
data/thermald-2.3/src/thd_engine_adaptive.cpp:1476:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sysfs.read(int3400_base_path + "firmware_node/path",
data/thermald-2.3/src/thd_engine_adaptive.cpp:1494:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sysfs.read(int3400_base_path + "data_vault", buf, size)
data/thermald-2.3/src/thd_engine_default.cpp:129:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(entry->d_name, "coretemp.", strlen("coretemp."))
data/thermald-2.3/src/thd_engine_default.cpp:130:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strncmp(entry->d_name, "hwmon", strlen("hwmon"))) {
data/thermald-2.3/src/thd_engine_default.cpp:142:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (name_sysfs.read("", name) < 0) {
data/thermald-2.3/src/thd_engine_default.cpp:410:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("coretemp."))
data/thermald-2.3/src/thd_engine_default.cpp:412:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("hwmon"))) {
data/thermald-2.3/src/thd_engine_default.cpp:423:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (name_sysfs.read("", name) < 0) {
data/thermald-2.3/src/thd_engine_default.cpp:435:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atoi(entry->d_name + strlen("coretemp.")));
data/thermald-2.3/src/thd_engine_default.cpp:918:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sys_fs.read("/sys/bus/pci/devices/0000:00:04.0/tcc_offset_degree_celsius", &tcc) <= 0) {
data/thermald-2.3/src/thd_engine_default.cpp:944:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = msr_sysfs.read("/dev/cpu/0/msr", 0x1a2, (char *)&val, sizeof(val));
data/thermald-2.3/src/thd_kobj_uevent.cpp:56:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int dev_path_len = strlen(dev_path);
data/thermald-2.3/src/thd_kobj_uevent.cpp:65:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer + i) > dev_path_len
data/thermald-2.3/src/thd_kobj_uevent.cpp:68:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(device_path))) {
data/thermald-2.3/src/thd_kobj_uevent.cpp:72:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(buffer + i) + 1;
data/thermald-2.3/src/thd_kobj_uevent.cpp:79:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(device_path, path, max_buffer_size);
data/thermald-2.3/src/thd_parse.cpp:54:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(str) - 1; (isspace(str[i])); i--)
data/thermald-2.3/src/thd_rapl_power_meter.cpp:93:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sys_fs.read(path.str(), buffer);
data/thermald-2.3/src/thd_rapl_power_meter.cpp:155:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sys_fs.read(_path, _buffer);
data/thermald-2.3/src/thd_rapl_power_meter.cpp:163:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sys_fs.read(path, buffer);
data/thermald-2.3/src/thd_rapl_power_meter.cpp:269:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sys_fs.read(_path, _buffer);
data/thermald-2.3/src/thd_rapl_power_meter.cpp:274:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sys_fs.read(_path, _buffer);
data/thermald-2.3/src/thd_sensor.cpp:39:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sensor_sysfs.read("type", type_str);
data/thermald-2.3/src/thd_sensor.cpp:74:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = sensor_sysfs.read("temp", buffer);
data/thermald-2.3/src/thd_sensor.cpp:76:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = sensor_sysfs.read("", buffer);
data/thermald-2.3/src/thd_sensor_kbl_g_mcp.cpp:68:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = sensor_sysfs.read("", &gpu_power);
data/thermald-2.3/src/thd_sys_fs.cpp:73:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int csys_fs::read(const std::string &path, char *buf, int len) {
data/thermald-2.3/src/thd_sys_fs.cpp:82:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = ::read(fd, buf, len);
data/thermald-2.3/src/thd_sys_fs.cpp:96:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int csys_fs::read(const std::string &path, unsigned int position, char *buf,
data/thermald-2.3/src/thd_sys_fs.cpp:109:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = ::read(fd, buf, len);
data/thermald-2.3/src/thd_sys_fs.cpp:117:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int csys_fs::read(const std::string &path, int *ptr_val) {
data/thermald-2.3/src/thd_sys_fs.cpp:127:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = ::read(fd, str, sizeof(str));
data/thermald-2.3/src/thd_sys_fs.cpp:137:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int csys_fs::read(const std::string &path, unsigned long *ptr_val) {
data/thermald-2.3/src/thd_sys_fs.cpp:147:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = ::read(fd, str, sizeof(str));
data/thermald-2.3/src/thd_sys_fs.cpp:157:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int csys_fs::read(const std::string &path, std::string &buf) {
data/thermald-2.3/src/thd_sys_fs.h:58:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(const std::string &path, char *buf, int len);
data/thermald-2.3/src/thd_sys_fs.h:59:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(const std::string &path, std::string &buf);
data/thermald-2.3/src/thd_sys_fs.h:60:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(const std::string &path, int *ptr_val);
data/thermald-2.3/src/thd_sys_fs.h:61:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(const std::string &path, unsigned long *ptr_val);
data/thermald-2.3/src/thd_sys_fs.h:62:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(const std::string &path, unsigned int position, char *buf,
data/thermald-2.3/src/thd_trt_art_reader.cpp:71:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(entry->d_name, "INT340", strlen("INT340"))) {
data/thermald-2.3/src/thd_trt_art_reader.cpp:85:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = acpi_sysfs.read("uid", uid);
data/thermald-2.3/src/thd_trt_art_reader.cpp:89:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = acpi_sysfs.read("path", uid);
data/thermald-2.3/src/thd_zone_cpu.cpp:70:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dts_sysfs.read(temp_crit_str.str(), temp_str);
data/thermald-2.3/src/thd_zone_cpu.cpp:83:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dts_sysfs.read(temp_max_str.str(), temp_str);
data/thermald-2.3/src/thd_zone_kbl_amdgpu.cpp:77:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = hwmon_sysfs.read("temp1_crit", &crit_temp);
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:38:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zone_sysfs.read(tc_type_dev.str(), type_str);
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:90:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zone_sysfs.read(type_stream.str(), _type_str);
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:97:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zone_sysfs.read(temp_stream.str(), _temp_str);
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:105:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zone_sysfs.read(hist_stream.str(), _hist_str);
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:163:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zone_sysfs.read(trip_pt_stream.str(), trip_pt_str);
data/thermald-2.3/src/thd_zone_therm_sys_fs.cpp:177:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += strlen("cooling_device");
ANALYSIS SUMMARY:
Hits = 248
Lines analyzed = 54456 in approximately 1.42 seconds (38236 lines/second)
Physical Source Lines of Code (SLOC) = 32554
Hits@level = [0] 20 [1] 117 [2] 122 [3] 1 [4] 6 [5] 2
Hits@level+ = [0+] 268 [1+] 248 [2+] 131 [3+] 9 [4+] 8 [5+] 2
Hits/KSLOC@level+ = [0+] 8.23248 [1+] 7.61811 [2+] 4.02408 [3+] 0.276464 [4+] 0.245746 [5+] 0.0614364
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.