Questions tagged [flawfinder]

Flawfinder is a simple software tool that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

12 questions
6 votes, 1 answer

read() - Check buffer boundaries if used in a loop including recursive loops

I have this code and run it with Flawfinder, and I get this output on the read() functions: Check buffer boundaries if used in a loop including recursive loops. Can anyone see the problem? #include void func(int fd) { char *buf; size_t…
2 votes, 1 answer

Why is flawfinder reporting problems with fopen?

I am using FlawFinder to find potential vulnerabilities in a piece of C code. In the analysis, the tool reports this problem: file.c:54: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening…
Francesco
2 votes, 0 answers

I can't solve this Flawfinder Warning (CWE-78, CWE-120)

I can't solve these two warnings found by Flawfinder. Could you answer me with an example of the correct code? Final results: flawfinder_exercise_old_SAL_syntax.cpp:48: [4] (shell) system: This causes a new program to execute and is difficult…
ZioNick
1 vote, 1 answer

How much can we trust warnings generated by static analysis tools for vulnerability detection?

I am running flawfinder on a set of libraries written in C/C++. I have a lot of warnings generated by flawfinder. My question is, how much can I rely on these generated warnings? For example, consider the following function from the numpy library…
1 vote, 1 answer

How to improve code around flawfinder memset warning?

In my code, all calls to memset appear as warnings with the flawfinder tool. In the simplest case it could boil down to the equivalent to float f1; float f2; void* p1 = &f1; void* p2 = &f2; memcpy(p1, p2, sizeof(float)); The…
alfC
1 vote, 1 answer

Fix (CWE-120, CWE-20) detected by Flawfinder

I've been asked to analyze some C code with Flawfinder: char * buffer; size_t len; // my_fd is a file descriptor read(my_fd, &len, sizeof(len)); buffer = malloc(len + 1); read(my_fd, buffer, len); buffer[len] = '\0'; I get the following warnings on…
LucaBonadia
1 vote, 2 answers

Python: Why is the flawfinder module not working in the Windows cmd?

The Python flawfinder module is working in bash but not working in the Windows command line. Here are the steps I followed: Python installation path - C/Users/xyz/AppData/Local/Programs/Python/Python37-32/python pip install flawfinder When I type…
Naveen Kumar
0 votes, 1 answer

How to use flawfinder with a git patch

I want to use flawfinder for my merge requests, thus analyzing only the code that changes. I saw that flawfinder supports patches, so I thought it would be really easy. Thing is: I'm unable to make it work with a git patch. Flawfinder does recognize…
RobinG
0 votes, 1 answer

Flawfinder error: internal buffer overflows. How to limit string input size and protect it from overflow?

I have the following code: void parseOptions(int argc, char* argv[]) { std::string mob; int option, index; struct option long_options[] = {{"version", no_argument, 0, 'V'}, {"mobile-interface",…
lior.i
0 votes, 0 answers

Avoid possible symlinks in C++ when using ofstream

I have this code ofstream file; file.open(filePath, std::ios::app); file << content; file.close(); When I run Flawfinder it says: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force…
Mazen Ak
0 votes, 1 answer

Flawfinder (CWE-119!/CWE-120) for char array C++

I have a char array defined like this: char buffer[100]; When I run a Flawfinder scan, among the hits I get one that says: (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues…
Mazen Ak
0 votes, 1 answer

A flaw reported by Flawfinder, but I don't think it makes sense

The question is specific to a pattern that Flawfinder reports: The snippet unsigned char child_report; ... auto readlen = read(pipefd[0], (void *) &child_report, sizeof(child_report)); if(readlen == -1 || readlen !=…
Hongce Zhang