Rats
rats -i -r -w 3 --html --columns --context /usr/src/linux/drivers/media/video/uvc > ~/rats_results.html && chromium ~/rats_results.html
Entries in perl database: 33
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing /usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c
Analyzing /usr/src/linux/drivers/media/video/uvc/uvc_queue.c
Analyzing /usr/src/linux/drivers/media/video/uvc/uvc_driver.c
Analyzing /usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c
Analyzing /usr/src/linux/drivers/media/video/uvc/uvc_isight.c
Analyzing /usr/src/linux/drivers/media/video/uvc/uvc_status.c
Analyzing /usr/src/linux/drivers/media/video/uvc/uvc_video.c
/usr/src/linux/drivers/media/video/uvc/uvc_status.c:102[9]: High: fixed size local buffer
char *attrs[3] = { "value", "info", "failure" };
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely. They are prime targets for buffer overflow
attacks.
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:1067[10]: Medium: non-function call reference: open
.open = uvc_vm_open,
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:1135[10]: Medium: non-function call reference: open
.open = uvc_v4l2_open,
A function call is not being made here, but a reference is being made to a name
that is normally a vulnerable function. It could be being assigned as a
pointer to function.
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:1138[10]: Medium: non-function call reference: read
.read = uvc_v4l2_read,
A function call is not being made here, but a reference is being made to a name
that is normally a vulnerable function. It could be being assigned as a
pointer to function.
/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:789[9]: Low: strlcpy: read
strlcpy(v4l2_ctrl->name, mapping->name, sizeof v4l2_ctrl->name);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:315[25]: Low: strlcpy: read
strlcpy(format->name, fmtdesc->name,
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:346[17]: Low: strlcpy: read
strlcpy(format->name, "MJPEG", sizeof format->name);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:364[25]: Low: strlcpy: read
strlcpy(format->name, "SD-DV", sizeof format->name);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:367[25]: Low: strlcpy: read
strlcpy(format->name, "SDL-DV", sizeof format->name);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:370[25]: Low: strlcpy: read
strlcpy(format->name, "HD-DV", sizeof format->name);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1509[9]: Low: strlcpy: read
strlcpy(vdev->name, dev->name, sizeof vdev->name);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1605[17]: Low: strlcpy: read
strlcpy(dev->name, udev->product, sizeof dev->name);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:64[9]: Low: strlcpy: read
strlcpy(query_menu->name, menu_info->name, sizeof query_menu->name);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:507[17]: Low: strlcpy: read
strlcpy(cap->driver, "uvcvideo", sizeof cap->driver);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:508[17]: Low: strlcpy: read
strlcpy(cap->card, vdev->name, sizeof cap->card);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:650[17]: Low: strlcpy: read
strlcpy(input->name, iterm->name, sizeof input->name);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:718[17]: Low: strlcpy: read
strlcpy(fmt->description, format->name,
Double check that your buffer is as big as you specify
/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:923[25]: Low: memcpy: read
memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:1039[17]: Low: memcpy: read
memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_BACKUP),
/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:1108[9]: Low: memcpy: read
memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_BACKUP),
/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:1131[17]: Low: memcpy: read
memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
/usr/src/linux/drivers/media/video/uvc/uvc_queue.c:192[9]: Low: memcpy: read
memcpy(v4l2_buf, &buf->buf, sizeof *v4l2_buf);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:638[9]: Low: memcpy: read
memcpy(streaming->header.bmaControls, &buffer[size], p*n);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:823[17]: Low: memcpy: read
memcpy(unit->extension.guidExtensionCode, &buffer[4], 16);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:827[17]: Low: memcpy: read
memcpy(unit->extension.baSourceID, &buffer[22], p);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:832[17]: Low: memcpy: read
memcpy(unit->extension.bmControls, &buffer[23+p], 2*n);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:944[25]: Low: memcpy: read
memcpy(term->camera.bmControls, &buffer[15], n);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:951[25]: Low: memcpy: read
memcpy(term->media.bmControls, &buffer[9], n);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:952[25]: Low: memcpy: read
memcpy(term->media.bmTransportModes, &buffer[10+n], p);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1023[17]: Low: memcpy: read
memcpy(unit->selector.baSourceID, &buffer[5], p);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1056[17]: Low: memcpy: read
memcpy(unit->processing.bmControls, &buffer[8], n);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1086[17]: Low: memcpy: read
memcpy(unit->extension.guidExtensionCode, &buffer[4], 16);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1090[17]: Low: memcpy: read
memcpy(unit->extension.baSourceID, &buffer[22], p);
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1093[17]: Low: memcpy: read
memcpy(unit->extension.bmControls, &buffer[23+p], n);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:261[9]: Low: memcpy: read
memcpy(&video->streaming->ctrl, &probe, sizeof probe);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:320[9]: Low: memcpy: read
memcpy(&probe, &video->streaming->ctrl, sizeof probe);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:332[9]: Low: memcpy: read
memcpy(&video->streaming->ctrl, &probe, sizeof probe);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:973[17]: Low: memcpy: read
memcpy(info->entity, xinfo->entity, sizeof info->entity);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:1001[17]: Low: memcpy: read
memcpy(map->name, xmap->name, sizeof map->name);
/usr/src/linux/drivers/media/video/uvc/uvc_v4l2.c:1002[17]: Low: memcpy: read
memcpy(map->entity, xmap->entity, sizeof map->entity);
/usr/src/linux/drivers/media/video/uvc/uvc_isight.c:89[17]: Low: memcpy: read
memcpy(mem, data, nbytes);
/usr/src/linux/drivers/media/video/uvc/uvc_video.c:459[9]: Low: memcpy: read
memcpy(mem, data, nbytes);
/usr/src/linux/drivers/media/video/uvc/uvc_video.c:515[9]: Low: memcpy: read
memcpy(data, mem, nbytes);
/usr/src/linux/drivers/media/video/uvc/uvc_video.c:595[25]: Low: memcpy: read
memcpy(video->bulk.header, mem, ret);
Double check that your buffer is as big as you specify.
When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string.
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:322[25]: Low: snprintf: read
snprintf(format->name, sizeof format->name,
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:1607[17]: Low: snprintf: read
snprintf(dev->name, sizeof dev->name,
Double check that your buffer is as big as you specify.
When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string.
/usr/src/linux/drivers/media/video/uvc/uvc_driver.c:380[17]: Low: strlcat: read
strlcat(format->name, buffer[8] & (1 << 7) ? " 60Hz" : " 50Hz",
/usr/src/linux/drivers/media/video/uvc/uvc_status.c:35[9]: Low: strlcat: read
strlcat(dev->input_phys, "/button", sizeof(dev->input_phys));
Double check that your buffer is as big as you specify
Total lines analyzed: 6748
Total time 0.010565 seconds
638712 lines per second
Cppcheck
cppcheck --enable=all /usr/src/linux/drivers/media/video/uvc/ 2> ~/err.txt && kwrite ~/err.txt
[/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:970]: (style) The scope of the variable ret can be limited
[/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:1009]: (style) The scope of the variable ret can be limited
[/usr/src/linux/drivers/media/video/uvc/uvc_video.c:572]: (style) The scope of the variable ret can be limited
[/usr/src/linux/drivers/media/video/uvc/uvc_ctrl.c:1]: (style) The function '__uvc_ctrl_commit' is never used
These are the two outputs of two code analyzers when they read linux-uvc.
They review what is written that could be dangerous, worrying or confusing.
That way the code will be simpler to read and harder to "sabotage".