Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/uefitool-0.27.0/LZMA/LzmaCompress.c
Examining data/uefitool-0.27.0/LZMA/LzmaCompress.h
Examining data/uefitool-0.27.0/LZMA/LzmaDecompress.c
Examining data/uefitool-0.27.0/LZMA/LzmaDecompress.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/7zVersion.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/Bra.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/Bra86.c
Examining data/uefitool-0.27.0/LZMA/SDK/C/CpuArch.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/LzFind.c
Examining data/uefitool-0.27.0/LZMA/SDK/C/LzFind.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/LzHash.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.c
Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c
Examining data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.h
Examining data/uefitool-0.27.0/LZMA/SDK/C/Types.h
Examining data/uefitool-0.27.0/LZMA/UefiLzma.h
Examining data/uefitool-0.27.0/Tiano/EfiTianoCompress.c
Examining data/uefitool-0.27.0/Tiano/EfiTianoCompress.h
Examining data/uefitool-0.27.0/Tiano/EfiTianoCompressLegacy.c
Examining data/uefitool-0.27.0/Tiano/EfiTianoDecompress.c
Examining data/uefitool-0.27.0/Tiano/EfiTianoDecompress.h
Examining data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp
Examining data/uefitool-0.27.0/UEFIPatch/uefipatch.h
Examining data/uefitool-0.27.0/UEFIPatch/uefipatch_main.cpp
Examining data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp
Examining data/uefitool-0.27.0/UEFIReplace/uefireplace.h
Examining data/uefitool-0.27.0/UEFIReplace/uefireplace_main.cpp
Examining data/uefitool-0.27.0/basetypes.h
Examining data/uefitool-0.27.0/descriptor.cpp
Examining data/uefitool-0.27.0/descriptor.h
Examining data/uefitool-0.27.0/ffs.cpp
Examining data/uefitool-0.27.0/ffs.h
Examining data/uefitool-0.27.0/ffsengine.cpp
Examining data/uefitool-0.27.0/ffsengine.h
Examining data/uefitool-0.27.0/gbe.h
Examining data/uefitool-0.27.0/guidlineedit.cpp
Examining data/uefitool-0.27.0/guidlineedit.h
Examining data/uefitool-0.27.0/me.h
Examining data/uefitool-0.27.0/messagelistitem.cpp
Examining data/uefitool-0.27.0/messagelistitem.h
Examining data/uefitool-0.27.0/peimage.cpp
Examining data/uefitool-0.27.0/peimage.h
Examining data/uefitool-0.27.0/searchdialog.cpp
Examining data/uefitool-0.27.0/searchdialog.h
Examining data/uefitool-0.27.0/treeitem.cpp
Examining data/uefitool-0.27.0/treeitem.h
Examining data/uefitool-0.27.0/treemodel.cpp
Examining data/uefitool-0.27.0/treemodel.h
Examining data/uefitool-0.27.0/types.cpp
Examining data/uefitool-0.27.0/types.h
Examining data/uefitool-0.27.0/uefitool.cpp
Examining data/uefitool-0.27.0/uefitool.h
Examining data/uefitool-0.27.0/uefitool_main.cpp
Examining data/uefitool-0.27.0/version.h
FINAL RESULTS:
data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.c:769:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tempBuf, src, inSize);
data/uefitool-0.27.0/LZMA/SDK/C/LzmaDec.c:857:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, p->dic + dicPos, outSizeCur);
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:346:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:347:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:350:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:351:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:352:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:353:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:354:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:355:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:356:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:357:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:358:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:372:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:373:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:376:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:377:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:378:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:379:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:382:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:383:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:384:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
data/uefitool-0.27.0/LZMA/SDK/C/LzmaEnc.c:2082:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->data, data, size);
data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:38:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly | QFile::Text))
data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:49:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!inputFile.open(QFile::ReadOnly))
data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:114:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outputFile.open(QFile::WriteOnly))
data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:134:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!inputFile.open(QFile::ReadOnly))
data/uefitool-0.27.0/UEFIPatch/uefipatch.cpp:194:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outputFile.open(QFile::WriteOnly))
data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp:41:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!inputFile.open(QFile::ReadOnly))
data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp:54:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!contentFile.open(QFile::ReadOnly))
data/uefitool-0.27.0/UEFIReplace/uefireplace.cpp:74:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outputFile.open(QFile::WriteOnly))
data/uefitool-0.27.0/ffsengine.cpp:4710:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly))
data/uefitool-0.27.0/ffsengine.cpp:4718:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly))
data/uefitool-0.27.0/ffsengine.cpp:4730:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::Text | QFile::WriteOnly))
data/uefitool-0.27.0/uefitool.cpp:289:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!inputFile.open(QFile::ReadOnly)) {
data/uefitool-0.27.0/uefitool.cpp:412:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!inputFile.open(QFile::ReadOnly)) {
data/uefitool-0.27.0/uefitool.cpp:520:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outputFile.open(QFile::WriteOnly)) {
data/uefitool-0.27.0/uefitool.cpp:570:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outputFile.open(QFile::WriteOnly)) {
data/uefitool-0.27.0/uefitool.cpp:612:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!inputFile.open(QFile::ReadOnly)) {
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 20225 in approximately 0.43 seconds (47184 lines/second)
Physical Source Lines of Code (SLOC) = 14487
Hits@level = [0] 6 [1] 0 [2] 41 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 47 [1+] 41 [2+] 41 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.24429 [1+] 2.83012 [2+] 2.83012 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.