Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cfortran-20110621/cfortran.h
Examining data/cfortran-20110621/eg/abc/abc.c
Examining data/cfortran-20110621/eg/cf14/cf14.c
Examining data/cfortran-20110621/eg/e2/e2.c
Examining data/cfortran-20110621/eg/easy/easy.c
Examining data/cfortran-20110621/eg/eq/eq.c
Examining data/cfortran-20110621/eg/f0/f0.c
Examining data/cfortran-20110621/eg/f20/f20.c
Examining data/cfortran-20110621/eg/f27/f27.c
Examining data/cfortran-20110621/eg/fa/fa.c
Examining data/cfortran-20110621/eg/fand/fand.c
Examining data/cfortran-20110621/eg/fb/fb.c
Examining data/cfortran-20110621/eg/fc/fc.c
Examining data/cfortran-20110621/eg/fcb/fcb.c
Examining data/cfortran-20110621/eg/fd/fd.c
Examining data/cfortran-20110621/eg/fe/fe.c
Examining data/cfortran-20110621/eg/ff/ff.c
Examining data/cfortran-20110621/eg/fg/fg.c
Examining data/cfortran-20110621/eg/fh/fh.c
Examining data/cfortran-20110621/eg/fi/fi.c
Examining data/cfortran-20110621/eg/fj/fj.c
Examining data/cfortran-20110621/eg/fk/fk.c
Examining data/cfortran-20110621/eg/fl/fl.c
Examining data/cfortran-20110621/eg/fm/fm.c
Examining data/cfortran-20110621/eg/fn/fn.c
Examining data/cfortran-20110621/eg/forr/forr.c
Examining data/cfortran-20110621/eg/fstr/fstr.c
Examining data/cfortran-20110621/eg/ft/ft.c
Examining data/cfortran-20110621/eg/fun/fun.c
Examining data/cfortran-20110621/eg/fz/fz.c
Examining data/cfortran-20110621/eg/pz/pz.c
Examining data/cfortran-20110621/eg/q/q.c
Examining data/cfortran-20110621/eg/rev/rev.c
Examining data/cfortran-20110621/eg/rr/rr.c
Examining data/cfortran-20110621/eg/ss1/ss1.c
Examining data/cfortran-20110621/eg/strtok/strtok.c
Examining data/cfortran-20110621/eg/sub/sub.c
Examining data/cfortran-20110621/eg/subt/subt.c
Examining data/cfortran-20110621/eg/sz/sz.c
Examining data/cfortran-20110621/eg/sz1/sz1.c
Examining data/cfortran-20110621/eg/user/user.c
Examining data/cfortran-20110621/eg/v7/v7.c
Examining data/cfortran-20110621/eg/vv/vv.c
Examining data/cfortran-20110621/cfortest.c
FINAL RESULTS:
data/cfortran-20110621/cfortest.c:490:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,save);
data/cfortran-20110621/cfortest.c:491:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save,s );
data/cfortran-20110621/cfortest.c:492:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s ,temp);
data/cfortran-20110621/eg/fstr/fstr.c:23:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,save);
data/cfortran-20110621/eg/fstr/fstr.c:24:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save,s );
data/cfortran-20110621/eg/fstr/fstr.c:25:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s ,temp);
data/cfortran-20110621/cfortest.c:211:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { char v[13],w[4][13],x[2][3][13]; } FCB_DEF;
data/cfortran-20110621/cfortest.c:217:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cv[14];
data/cfortran-20110621/cfortest.c:218:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cw[4][14] = {"C's w[0]", "C's w[1]", "C's w[2]", "C's w[3]"};
data/cfortran-20110621/cfortest.c:219:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cx[2][3][14] = {{"C's x[0][0]", "C's x[0][1]", "C's x[0][2]"},
data/cfortran-20110621/cfortest.c:395:45: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{printf("cd: had string argument:%s.\n",s); strcpy(s,"to you 12345678");}
data/cfortran-20110621/cfortest.c:476:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
void Pstru(s) char *s; { strcpy(s,"new pstring"); return;}
data/cfortran-20110621/cfortran.h:1513:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define STRING_cfE static char AA0[1+MAX_LEN_FORTRAN_FUNCTION_STRING]; \
data/cfortran-20110621/cfortran.h:1520:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define STRING_cfE static char AA0[1+MAX_LEN_FORTRAN_FUNCTION_STRING]; \
data/cfortran-20110621/cfortran.h:1527:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define STRING_cfE static char A0[1+MAX_LEN_FORTRAN_FUNCTION_STRING]; \
data/cfortran-20110621/cfortran.h:2054:42: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
((B=_cf_malloc(D+1))[D]='\0', memcpy(B,A,D), kill_trailing(B,' '))
data/cfortran-20110621/cfortran.h:2090:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define RRRRPSTR( A,B,D) if (B) memcpy(A,B, _cfMIN(strlen(B),D)), \
data/cfortran-20110621/cfortran.h:2179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(AS->dsc$a_pointer,A0,_cfMIN(AS->dsc$w_length,(A0==NULL?0:strlen(A0))));\
data/cfortran-20110621/cfortran.h:2186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_fcdtocp(AS),A0, _cfMIN(_fcdlen(AS),(A0==NULL?0:strlen(A0))) ); \
data/cfortran-20110621/cfortran.h:2191:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define STRING_cfK memcpy(AS,A0, _cfMIN(D0,(A0==NULL?0:strlen(A0))) ); \
data/cfortran-20110621/eg/fcb/fcb.c:16:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { char v[13],w[4][13],x[2][3][13]; } FCB_DEF;
data/cfortran-20110621/eg/fcb/fcb.c:22:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cv[14];
data/cfortran-20110621/eg/fcb/fcb.c:23:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cw[4][14] = { "C's w[0]", "C's w[1]", "C's w[2]", "C's w[3]"};
data/cfortran-20110621/eg/fcb/fcb.c:24:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cx[2][3][14] = {{"C's x[0][0]", "C's x[0][1]", "C's x[0][2]"},
data/cfortran-20110621/eg/fd/fd.c:18:45: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{printf("cd: had string argument:%s.\n",s); strcpy(s,"to you 12345678");}
data/cfortran-20110621/eg/fstr/fstr.c:9:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
void Pstru(char *s) { strcpy(s,"new pstring"); return;}
data/cfortran-20110621/cfortest.c:486:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ls = strlen(s );
data/cfortran-20110621/cfortest.c:487:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lsave = strlen(save);
data/cfortran-20110621/cfortran.h:508:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = s + strlen(s);
data/cfortran-20110621/cfortran.h:1712:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRING_cfC(M,I,A,B,C) (B.clen=strlen(A),B.f.dsc$a_pointer=A, \
data/cfortran-20110621/cfortran.h:1717:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
B.dsc$w_length=strlen(A): (A[C-1]='\0',B.dsc$w_length=strlen(A), \
data/cfortran-20110621/cfortran.h:1717:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
B.dsc$w_length=strlen(A): (A[C-1]='\0',B.dsc$w_length=strlen(A), \
data/cfortran-20110621/cfortran.h:1720:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRING_cfC(M,I,A,B,C) (B.nombre=A,B.clen=strlen(A), \
data/cfortran-20110621/cfortran.h:1723:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PSTRING_cfC(M,I,A,B,C) (C==sizeof(char*)? B=strlen(A): \
data/cfortran-20110621/cfortran.h:1724:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(A[C-1]='\0',B=strlen(A),memset((A)+B,' ',C-B-1),B=C-1));
data/cfortran-20110621/cfortran.h:2090:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define RRRRPSTR( A,B,D) if (B) memcpy(A,B, _cfMIN(strlen(B),D)), \
data/cfortran-20110621/cfortran.h:2091:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(D>strlen(B)?memset(A+strlen(B),' ', D-strlen(B)):0), _cf_free(B);
data/cfortran-20110621/cfortran.h:2091:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(D>strlen(B)?memset(A+strlen(B),' ', D-strlen(B)):0), _cf_free(B);
data/cfortran-20110621/cfortran.h:2091:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(D>strlen(B)?memset(A+strlen(B),' ', D-strlen(B)):0), _cf_free(B);
data/cfortran-20110621/cfortran.h:2179:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(AS->dsc$a_pointer,A0,_cfMIN(AS->dsc$w_length,(A0==NULL?0:strlen(A0))));\
data/cfortran-20110621/cfortran.h:2180:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AS->dsc$w_length>(A0==NULL?0:strlen(A0))? \
data/cfortran-20110621/cfortran.h:2181:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(AS->dsc$a_pointer+(A0==NULL?0:strlen(A0)),' ', \
data/cfortran-20110621/cfortran.h:2182:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AS->dsc$w_length-(A0==NULL?0:strlen(A0))):0;
data/cfortran-20110621/cfortran.h:2186:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(_fcdtocp(AS),A0, _cfMIN(_fcdlen(AS),(A0==NULL?0:strlen(A0))) ); \
data/cfortran-20110621/cfortran.h:2187:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_fcdlen(AS)>(A0==NULL?0:strlen(A0))? \
data/cfortran-20110621/cfortran.h:2188:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(_fcdtocp(AS)+(A0==NULL?0:strlen(A0)),' ', \
data/cfortran-20110621/cfortran.h:2189:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_fcdlen(AS)-(A0==NULL?0:strlen(A0))):0;
data/cfortran-20110621/cfortran.h:2191:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRING_cfK memcpy(AS,A0, _cfMIN(D0,(A0==NULL?0:strlen(A0))) ); \
data/cfortran-20110621/cfortran.h:2192:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
D0>(A0==NULL?0:strlen(A0))?memset(AS+(A0==NULL?0:strlen(A0)), \
data/cfortran-20110621/cfortran.h:2192:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
D0>(A0==NULL?0:strlen(A0))?memset(AS+(A0==NULL?0:strlen(A0)), \
data/cfortran-20110621/cfortran.h:2193:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
' ', D0-(A0==NULL?0:strlen(A0))):0;
data/cfortran-20110621/eg/fstr/fstr.c:19:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ls = strlen(s );
data/cfortran-20110621/eg/fstr/fstr.c:20:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lsave = strlen(save);
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 4507 in approximately 0.26 seconds (17615 lines/second)
Physical Source Lines of Code (SLOC) = 3348
Hits@level = [0] 155 [1] 27 [2] 20 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 208 [1+] 53 [2+] 26 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 62.1266 [1+] 15.8303 [2+] 7.76583 [3+] 1.79211 [4+] 1.79211 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.