Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cattle-1.0-1.4.0/tests/program.c
Examining data/cattle-1.0-1.4.0/tests/buffer.c
Examining data/cattle-1.0-1.4.0/tests/references.c
Examining data/cattle-1.0-1.4.0/tests/tape.c
Examining data/cattle-1.0-1.4.0/tests/interpreter.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-program.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-configuration.c
Examining data/cattle-1.0-1.4.0/cattle/cattle.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-tape.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-constants.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-interpreter.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-instruction.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-tape.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-constants.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-error.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-error.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-instruction.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-version.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-buffer.h
Examining data/cattle-1.0-1.4.0/cattle/cattle-buffer.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-interpreter.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-program.c
Examining data/cattle-1.0-1.4.0/cattle/cattle-configuration.h
Examining data/cattle-1.0-1.4.0/examples/common.h
Examining data/cattle-1.0-1.4.0/examples/common.c
Examining data/cattle-1.0-1.4.0/examples/indent.c
Examining data/cattle-1.0-1.4.0/examples/minimize.c
Examining data/cattle-1.0-1.4.0/examples/run.c
FINAL RESULTS:
data/cattle-1.0-1.4.0/cattle/cattle-interpreter.c:933:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read (0, buffer, 256);
data/cattle-1.0-1.4.0/tests/program.c:45:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = cattle_buffer_new (strlen (PROGRAM_UNBALANCED_BRACKETS));
data/cattle-1.0-1.4.0/tests/program.c:122:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = cattle_buffer_new (strlen (PROGRAM_WITHOUT_INPUT));
data/cattle-1.0-1.4.0/tests/program.c:170:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = cattle_buffer_new (strlen (PROGRAM_WITH_INPUT));
data/cattle-1.0-1.4.0/tests/program.c:186:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expected = cattle_buffer_new (strlen (PROGRAM_INPUT));
data/cattle-1.0-1.4.0/tests/program.c:232:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = cattle_buffer_new (strlen (PROGRAM_DOUBLE_LOOP));
ANALYSIS SUMMARY:
Hits = 6
Lines analyzed = 6885 in approximately 0.20 seconds (34980 lines/second)
Physical Source Lines of Code (SLOC) = 3789
Hits@level = [0] 1 [1] 6 [2] 0 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 7 [1+] 6 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.84745 [1+] 1.58353 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.