Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/as31-2.3.1/as31/symbol.c
Examining data/as31-2.3.1/as31/parser.h
Examining data/as31-2.3.1/as31/lexer.c
Examining data/as31-2.3.1/as31/emitter.c
Examining data/as31-2.3.1/as31/as31_gtk.c
Examining data/as31-2.3.1/as31/as31.h
Examining data/as31-2.3.1/as31/parser.c
Examining data/as31-2.3.1/as31/as31.c
Examining data/as31-2.3.1/as31/run.c
Examining data/as31-2.3.1/debian/patches/regenerate_parser.c
FINAL RESULTS:
data/as31-2.3.1/as31/lexer.c:152:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prev_token, last_token);
data/as31-2.3.1/as31/lexer.c:225:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/as31-2.3.1/as31/parser.c:1115:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/as31-2.3.1/as31/parser.c:3758:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(listing,show?"%04lX: ":" ",lc);
data/as31-2.3.1/as31/run.c:57:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(asmfile, infile);
data/as31-2.3.1/as31/run.c:72:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile + baselen + 1, extension);
data/as31-2.3.1/as31/run.c:244:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len += vsnprintf(buf + len, sizeof(buf) - len, fmt, args);
data/as31-2.3.1/as31/run.c:261:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len += vsnprintf(buf + len, sizeof(buf) - len, fmt, args);
data/as31-2.3.1/as31/run.c:274:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/as31-2.3.1/as31/symbol.c:368:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p,s);
data/as31-2.3.1/as31/emitter.c:201:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bytes[16];
data/as31-2.3.1/as31/emitter.c:228:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fout = fopen(file, "w");
data/as31-2.3.1/as31/emitter.c:267:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fout = fopen(file, "w");
data/as31-2.3.1/as31/emitter.c:328:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fout = fopen(file,"w");
data/as31-2.3.1/as31/emitter.c:335:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(arg);
data/as31-2.3.1/as31/emitter.c:386:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fout = fopen(file,"w");
data/as31-2.3.1/as31/emitter.c:423:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char od_buf[16];
data/as31-2.3.1/as31/emitter.c:465:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fout = fopen(file,"w");
data/as31-2.3.1/as31/emitter.c:522:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char srec_buf[SREC_BYTESPERLINE];
data/as31-2.3.1/as31/emitter.c:577:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fout = fopen(file,"w");
data/as31-2.3.1/as31/emitter.c:584:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(arg) offset = atoi(arg);
data/as31-2.3.1/as31/lexer.c:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_token[256], prev_token[256];
data/as31-2.3.1/as31/lexer.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[100];
data/as31-2.3.1/as31/lexer.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024]; /* temporary buffer */
data/as31-2.3.1/as31/parser.c:81:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bytebuf[1024]; /* used by dumplist() */
data/as31-2.3.1/as31/parser.c:1411:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/as31-2.3.1/as31/parser.c:1646:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/as31-2.3.1/as31/parser.c:3728:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newline[61];
data/as31-2.3.1/as31/run.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpName[256];
data/as31-2.3.1/as31/run.c:62:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lstfile + baselen, ".lst");
data/as31-2.3.1/as31/run.c:86:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(asmfile + baselen, ".asm");
data/as31-2.3.1/as31/run.c:98:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpName,"/tmp/as31-XXXXXX.asm");
data/as31-2.3.1/as31/run.c:136:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
includeFile=fopen(includePtr,"r");
data/as31-2.3.1/as31/run.c:165:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
listing = fopen(lstfile,"w");
data/as31-2.3.1/as31/run.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/as31-2.3.1/as31/run.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/as31-2.3.1/as31/run.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/as31-2.3.1/debian/patches/regenerate_parser.c:102:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
+static unsigned char bytebuf[1024]; /* used by dumplist() */
data/as31-2.3.1/debian/patches/regenerate_parser.c:169:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
-static unsigned char bytebuf[1024]; /* used by dumplist() */
data/as31-2.3.1/debian/patches/regenerate_parser.c:1142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
+ char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/as31-2.3.1/debian/patches/regenerate_parser.c:1433:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
+ char yymsgbuf[128];
data/as31-2.3.1/as31/as31_gtk.c:199:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NULL, str, strlen(str));
data/as31-2.3.1/as31/lexer.c:50:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/as31-2.3.1/as31/lexer.c:216:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yylval.value = strlen(buf);
data/as31-2.3.1/as31/lexer.c:218:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *)malloc(strlen(buf) + 1);
data/as31-2.3.1/as31/lexer.c:221:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buf) + 1);
data/as31-2.3.1/as31/parser.c:1295:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/as31-2.3.1/as31/parser.c:2078:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(yyval).value = (yyvsp[(1) - (3)]).value + strlen((yyvsp[(3) - (3)]).str);
data/as31-2.3.1/as31/parser.c:2104:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(yyval).value = strlen((yyvsp[(1) - (1)]).str);
data/as31-2.3.1/as31/run.c:48:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extlen = strlen(extension);
data/as31-2.3.1/as31/run.c:50:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = baselen = strlen(infile);
data/as31-2.3.1/as31/run.c:61:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lstfile, infile, baselen);
data/as31-2.3.1/as31/run.c:70:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outfile, infile, baselen);
data/as31-2.3.1/as31/run.c:74:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(customoutfile);
data/as31-2.3.1/as31/run.c:76:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outfile, customoutfile, len);
data/as31-2.3.1/as31/run.c:119:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
includePtr=includePtr+strlen(INC_CMD);
data/as31-2.3.1/as31/run.c:145:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(incLineBuffer)) {
data/as31-2.3.1/as31/symbol.c:367:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (p = malloc(strlen(s) + 1)) ) {
data/as31-2.3.1/as31/symbol.c:370:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
error("Cannot allocate %d bytes",strlen(s)+1);
data/as31-2.3.1/debian/patches/regenerate_parser.c:993:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/as31-2.3.1/debian/patches/regenerate_parser.c:1898:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
- yyval.value = yyvsp[-2].value + strlen(yyvsp[0].str);
data/as31-2.3.1/debian/patches/regenerate_parser.c:1900:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ (yyval).value = (yyvsp[(1) - (3)]).value + strlen((yyvsp[(3) - (3)]).str);
data/as31-2.3.1/debian/patches/regenerate_parser.c:1930:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
- yyval.value = strlen(yyvsp[0].str);
data/as31-2.3.1/debian/patches/regenerate_parser.c:1933:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ (yyval).value = strlen((yyvsp[(1) - (1)]).str);
ANALYSIS SUMMARY:
Hits = 64
Lines analyzed = 10063 in approximately 0.28 seconds (35334 lines/second)
Physical Source Lines of Code (SLOC) = 7548
Hits@level = [0] 62 [1] 23 [2] 31 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 126 [1+] 64 [2+] 41 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 16.6932 [1+] 8.47907 [2+] 5.4319 [3+] 1.32485 [4+] 1.32485 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.