Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/uefitool-0.27.0/LZMA/LzmaCompress.c Examining data/uefitool-0.27.0/LZMA/LzmaCompress.h Examining data/uefitool-0.27.0/LZMA/LzmaDecompress.c Examining data/uefitool-0.27.0/LZMA/LzmaDecompress.h Examining data/uefitool-0.27.0/LZMA/SDK/C/7zVersion.h Examining data/uefitool-0.27.0/LZMA/SDK/C/Bra.h Examining data/uefitool-0.27.0/LZMA/SDK/C/Bra86.c Examining data/uefitool-0.27.0/LZMA/SDK/C/CpuArch.h Examining data/uefitool-0.27.0/LZMA/SDK/C/LzFind.c Examining data/uefitool-0.27.0/LZMA/SDK/C/LzFind.h Examining data/uefitool-0.27.0/LZMA/SDK/C/LzHash.h Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.c Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.h Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.h Examining data/uefitool-0.27.0/LZMA/SDK/C/Types.h Examining data/uefitool-0.27.0/LZMA/UefiLzma.h Examining data/uefitool-0.27.0/Tiano/EfiTianoCompress.c Examining data/uefitool-0.27.0/Tiano/EfiTianoCompress.h Examining data/uefitool-0.27.0/Tiano/EfiTianoCompressLegacy.c Examining data/uefitool-0.27.0/Tiano/EfiTianoDecompress.c Examining data/uefitool-0.27.0/Tiano/EfiTianoDecompress.h Examining data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp Examining data/uefitool-0.27.0/UEFIPatch/uefipatch.h Examining data/uefitool-0.27.0/UEFIPatch/uefipatch_main.cpp Examining data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp Examining data/uefitool-0.27.0/UEFIReplace/uefireplace.h Examining data/uefitool-0.27.0/UEFIReplace/uefireplace_main.cpp Examining data/uefitool-0.27.0/basetypes.h Examining data/uefitool-0.27.0/descriptor.cpp Examining data/uefitool-0.27.0/descriptor.h Examining data/uefitool-0.27.0/ffs.cpp Examining data/uefitool-0.27.0/ffs.h Examining data/uefitool-0.27.0/ffsengine.cpp Examining data/uefitool-0.27.0/ffsengine.h Examining data/uefitool-0.27.0/gbe.h Examining data/uefitool-0.27.0/guidlineedit.cpp Examining data/uefitool-0.27.0/guidlineedit.h Examining data/uefitool-0.27.0/me.h Examining data/uefitool-0.27.0/messagelistitem.cpp Examining data/uefitool-0.27.0/messagelistitem.h Examining data/uefitool-0.27.0/peimage.cpp Examining data/uefitool-0.27.0/peimage.h Examining data/uefitool-0.27.0/searchdialog.cpp Examining data/uefitool-0.27.0/searchdialog.h Examining data/uefitool-0.27.0/treeitem.cpp Examining data/uefitool-0.27.0/treeitem.h Examining data/uefitool-0.27.0/treemodel.cpp Examining data/uefitool-0.27.0/treemodel.h Examining data/uefitool-0.27.0/types.cpp Examining data/uefitool-0.27.0/types.h Examining data/uefitool-0.27.0/uefitool.cpp Examining data/uefitool-0.27.0/uefitool.h Examining data/uefitool-0.27.0/uefitool_main.cpp Examining data/uefitool-0.27.0/version.h FINAL RESULTS: data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.c:769:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->tempBuf, src, inSize); data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.c:857:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, p->dic + dicPos, outSizeCur); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:346:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i])); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:347:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i])); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:350:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i])); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:351:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep, p->isRep, sizeof(p->isRep)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:352:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:353:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:355:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:356:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:357:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->reps, p->reps, sizeof(p->reps)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:358:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:372:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i])); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:373:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i])); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:376:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i])); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:377:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRep, p->isRep, sizeof(p->isRep)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:378:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:379:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:380:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:381:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:382:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:383:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->reps, p->reps, sizeof(p->reps)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:384:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb)); data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:2082:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->data, data, size); data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:38:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::ReadOnly | QFile::Text)) data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:49:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!inputFile.open(QFile::ReadOnly)) data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:114:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outputFile.open(QFile::WriteOnly)) data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:134:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!inputFile.open(QFile::ReadOnly)) data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:194:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outputFile.open(QFile::WriteOnly)) data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp:41:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!inputFile.open(QFile::ReadOnly)) data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp:54:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!contentFile.open(QFile::ReadOnly)) data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp:74:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outputFile.open(QFile::WriteOnly)) data/uefitool-0.27.0/ffsengine.cpp:4710:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly)) data/uefitool-0.27.0/ffsengine.cpp:4718:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly)) data/uefitool-0.27.0/ffsengine.cpp:4730:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::Text | QFile::WriteOnly)) data/uefitool-0.27.0/uefitool.cpp:289:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!inputFile.open(QFile::ReadOnly)) { data/uefitool-0.27.0/uefitool.cpp:412:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!inputFile.open(QFile::ReadOnly)) { data/uefitool-0.27.0/uefitool.cpp:520:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outputFile.open(QFile::WriteOnly)) { data/uefitool-0.27.0/uefitool.cpp:570:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outputFile.open(QFile::WriteOnly)) { data/uefitool-0.27.0/uefitool.cpp:612:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!inputFile.open(QFile::ReadOnly)) { ANALYSIS SUMMARY: Hits = 41 Lines analyzed = 20225 in approximately 0.43 seconds (47184 lines/second) Physical Source Lines of Code (SLOC) = 14487 Hits@level = [0] 6 [1] 0 [2] 41 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 47 [1+] 41 [2+] 41 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.24429 [1+] 2.83012 [2+] 2.83012 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.