Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ascii2binary-2.14/exitcodes.h
Examining data/ascii2binary-2.14/GetWord.c
Examining data/ascii2binary-2.14/a2b_endian.h
Examining data/ascii2binary-2.14/ascii2binary.c
Examining data/ascii2binary-2.14/exitcodes.c
Examining data/ascii2binary-2.14/MachineInfo.c
Examining data/ascii2binary-2.14/binfmt.c
Examining data/ascii2binary-2.14/endian.c
Examining data/ascii2binary-2.14/binary2ascii.c

FINAL RESULTS:

data/ascii2binary-2.14/binary2ascii.c:550:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(format,tmpstr);
data/ascii2binary-2.14/binary2ascii.c:553:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(format,tmpstr);
data/ascii2binary-2.14/binary2ascii.c:620:40:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if(BSIGNED == Binary_Type) printf(format,*((char *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:621:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else printf(format,*((unsigned char *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:629:40:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if(BSIGNED == Binary_Type) printf(format,*((short *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:630:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else printf(format,*((unsigned short *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:638:40:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if(BSIGNED == Binary_Type) printf(format,*((int *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:639:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else printf(format,*((unsigned int *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:647:40:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if(BSIGNED == Binary_Type) printf(format,*((long *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:648:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else printf(format,*((unsigned long *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:656:40:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if(BSIGNED == Binary_Type) printf(format,*((long long *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:657:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else printf(format,*((unsigned long long *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:660:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format,*((float *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:663:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format,*((double *)inbufptr));
data/ascii2binary-2.14/binary2ascii.c:667:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format,*((long double *)inbufptr));
data/ascii2binary-2.14/ascii2binary.c:66:1:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  getopt_long(int ac,
data/ascii2binary-2.14/ascii2binary.c:72:10:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  return(getopt(ac,av,sopts));
data/ascii2binary-2.14/ascii2binary.c:207:18:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((Flag = getopt_long(ac,av,":b:hL:st:VvX",&opts[0],&lgoindex)) != EOF){
data/ascii2binary-2.14/binary2ascii.c:64:1:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  getopt_long(int ac,
data/ascii2binary-2.14/binary2ascii.c:70:10:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  return(getopt(ac,av,sopts));
data/ascii2binary-2.14/binary2ascii.c:252:18:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((Flag = getopt_long(ac,av,":b:DdehlL:n:o:p:st:Vvw:XxZz",&opts[0],&lgoindex)) != EOF){
data/ascii2binary-2.14/binary2ascii.c:186:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[TMPSIZE];
data/ascii2binary-2.14/binary2ascii.c:187:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[32]; /* Print format which we will construct */
data/ascii2binary-2.14/binary2ascii.c:318:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Items_Per_Line = atoi(optarg);
data/ascii2binary-2.14/binary2ascii.c:321:28:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Start_Byte_Offset = atol(optarg);
data/ascii2binary-2.14/binary2ascii.c:324:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Precision = atoi(optarg);
data/ascii2binary-2.14/binary2ascii.c:395:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Field_Width = atoi(optarg);
data/ascii2binary-2.14/binary2ascii.c:545:35:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(Mark_Hex_P && Base == 16) strcat(format,"0x");
data/ascii2binary-2.14/binary2ascii.c:566:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(format,"hh");
data/ascii2binary-2.14/binary2ascii.c:575:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(format,"ll");
data/ascii2binary-2.14/binfmt.c:49:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [CBITS+1];
data/ascii2binary-2.14/binfmt.c:64:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [SBITS+1];
data/ascii2binary-2.14/binfmt.c:79:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [IBITS+1];
data/ascii2binary-2.14/binfmt.c:94:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [LBITS+1];
data/ascii2binary-2.14/binfmt.c:109:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [QBITS+1];
data/ascii2binary-2.14/GetWord.c:53:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c=getc(fp);
data/ascii2binary-2.14/ascii2binary.c:286:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(optarg) < 2){
data/ascii2binary-2.14/binary2ascii.c:360:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(optarg) < 2){
data/ascii2binary-2.14/binary2ascii.c:546:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(format,"%");
data/ascii2binary-2.14/binary2ascii.c:547:20:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if(Delimit_P) strcat(format,"\'");
data/ascii2binary-2.14/binary2ascii.c:548:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if(Zero_Pad_P) strcat(format,"0");
data/ascii2binary-2.14/binary2ascii.c:557:36:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if(Binary_Size == BLDOUBLE) strcat(format,"L");
data/ascii2binary-2.14/binary2ascii.c:559:26:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if(Exponential_P) strcat(format,"e");
data/ascii2binary-2.14/binary2ascii.c:560:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  else strcat(format,"f");
data/ascii2binary-2.14/binary2ascii.c:569:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(format,"h");
data/ascii2binary-2.14/binary2ascii.c:572:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(format,"l");
data/ascii2binary-2.14/binary2ascii.c:583:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(format,"o");
data/ascii2binary-2.14/binary2ascii.c:586:33:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if(Binary_Type == BSIGNED) strcat(format,"d");
data/ascii2binary-2.14/binary2ascii.c:587:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  else strcat(format,"u");
data/ascii2binary-2.14/binary2ascii.c:590:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(format,"X");
data/ascii2binary-2.14/binary2ascii.c:605:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( (Bytes_Read = read(infd,&cb,1))){
data/ascii2binary-2.14/binary2ascii.c:615:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( (Bytes_Read=read(infd,inbufptr,Item_Size)) == Item_Size){

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 1692 in approximately 0.10 seconds (17475 lines/second)
Physical Source Lines of Code (SLOC) = 1407
Hits@level = [0] 194 [1] 17 [2] 14 [3] 6 [4] 15 [5] 0
Hits@level+ = [0+] 246 [1+] 52 [2+] 35 [3+] 21 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 174.84 [1+] 36.9581 [2+] 24.8756 [3+] 14.9254 [4+] 10.661 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.