Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/crasm-1.8/src/cpu.h
Examining data/crasm-1.8/src/cpu6502.c
Examining data/crasm-1.8/src/cpu6800.c
Examining data/crasm-1.8/src/cpulist.c
Examining data/crasm-1.8/src/cpuz80.c
Examining data/crasm-1.8/src/filter.c
Examining data/crasm-1.8/src/macro.c
Examining data/crasm-1.8/src/operator.c
Examining data/crasm-1.8/src/output.c
Examining data/crasm-1.8/src/parse.c
Examining data/crasm-1.8/src/pseudos.c
Examining data/crasm-1.8/src/scode.c
Examining data/crasm-1.8/src/stdvocabulary.c
Examining data/crasm-1.8/src/version.h
Examining data/crasm-1.8/src/xref.c
Examining data/crasm-1.8/src/crasm.c
Examining data/crasm-1.8/src/dcl.h
Examining data/crasm-1.8/src/label.c
Examining data/crasm-1.8/src/label.h

FINAL RESULTS:

data/crasm-1.8/src/crasm.c:421:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	{	sprintf(raw,"%7d ERROR: %c%s",linenumber,c,s+1);
data/crasm-1.8/src/crasm.c:442:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	{	sprintf(raw,"%7d WARNING: %c%s",linenumber,c,s+1);
data/crasm-1.8/src/macro.c:308:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy ( (*where)->line , s1 );
data/crasm-1.8/src/macro.c:495:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(curlinesav,curline);
data/crasm-1.8/src/macro.c:562:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	{	strcpy(curline,curlinesav);
data/crasm-1.8/src/output.c:63:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(title,s);
data/crasm-1.8/src/xref.c:75:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buffer,msgs[label->type],label->modifier);
data/crasm-1.8/src/crasm.c:47:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char curline[256];
data/crasm-1.8/src/crasm.c:71:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out, in, sizeof(jmp_buf));
data/crasm-1.8/src/crasm.c:133:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file=fopen(filename,"r");
data/crasm-1.8/src/crasm.c:414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char raw[80];
data/crasm-1.8/src/crasm.c:439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char raw[80];
data/crasm-1.8/src/filter.c:35:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buffer[4000];
data/crasm-1.8/src/label.c:72:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static 	char localname[LABLEN+2];
data/crasm-1.8/src/label.c:85:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	{	sprintf(s,"%d",segment);
data/crasm-1.8/src/label.h:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[LABLEN];
data/crasm-1.8/src/macro.c:242:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char line[1 /* variable */ ];
data/crasm-1.8/src/macro.c:273:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mname[LABLEN+1];
data/crasm-1.8/src/macro.c:337:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  char (*replace)[60];
data/crasm-1.8/src/macro.c:402:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char (*replace)[60];
data/crasm-1.8/src/macro.c:456:4:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f=fopen(oper,"r");
data/crasm-1.8/src/macro.c:488:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char replace[9][60];
data/crasm-1.8/src/macro.c:492:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curlinesav[256];
data/crasm-1.8/src/output.c:49:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char linebuffer[256];
data/crasm-1.8/src/output.c:50:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char title[31] ="";
data/crasm-1.8/src/output.c:206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char linnum[10];
data/crasm-1.8/src/output.c:213:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	{	sprintf(linnum,"     ");
data/crasm-1.8/src/output.c:222:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( linnum,"%5d",linenumber );
data/crasm-1.8/src/output.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[3];
data/crasm-1.8/src/output.c:265:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[20];
data/crasm-1.8/src/scode.c:36:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char raw[16];
data/crasm-1.8/src/scode.c:57:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			scode = fopen ( scodename,"w" );
data/crasm-1.8/src/xref.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[RECLEN+2];
data/crasm-1.8/src/xref.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[40];
data/crasm-1.8/src/xref.c:113:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"ERRORS:    %4d",errnumber);
data/crasm-1.8/src/xref.c:115:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"WARNINGS:  %4d",warnnumber);
data/crasm-1.8/src/xref.c:120:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer," Last address %8lx (%ld)",pc-1,pc-1);
data/crasm-1.8/src/xref.c:122:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer," Code length  %8lx (%ld)",codelen,codelen);
data/crasm-1.8/src/label.c:51:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( strlen(name)>LABLEN )
data/crasm-1.8/src/label.c:138:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(q->name,localname,LABLEN);
data/crasm-1.8/src/label.c:231:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy(q->name,localname,LABLEN);
data/crasm-1.8/src/macro.c:277:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(mname,label,LABLEN);
data/crasm-1.8/src/macro.c:306:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen( s1 ) );
data/crasm-1.8/src/macro.c:513:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(replace[numarg],arg1,59);
data/crasm-1.8/src/macro.c:517:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		{	strncpy(replace[numarg],oper,59);
data/crasm-1.8/src/output.c:60:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) > 30)
data/crasm-1.8/src/xref.c:76:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	position(newpos-LABLEN-2-strlen(buffer));

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 4846 in approximately 0.16 seconds (29795 lines/second)
Physical Source Lines of Code (SLOC) = 3516
Hits@level = [0]  14 [1]   9 [2]  31 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+]  61 [1+]  47 [2+]  38 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 17.3493 [1+] 13.3675 [2+] 10.8077 [3+] 1.9909 [4+] 1.9909 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
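As an added example (not crasm's code, and not a fix the project ships), the C below shows the bounded replacements that the report's own advice text points to for the patterns it flags: the sprintf into raw[80] with a %s of caller text (crasm.c:421), the strlen check followed by strcpy into title[31] (output.c:60/63), the strncpy into name[LABLEN] that may leave no terminator (label.c:138), and the sprintf whose format comes from a table indexed by label->type (xref.c:75). RAW_LEN, TITLE_LEN and LABLEN are assumed sizes chosen to mirror the quoted declarations (crasm's actual LABLEN is not shown in the report), and the msgs texts are constructed for the example.

```c
/* Added example, not crasm's code: bounded replacements for four of the
 * patterns Flawfinder flags above. RAW_LEN, TITLE_LEN and LABLEN are assumed
 * sizes chosen to mirror the quoted declarations (raw[80], title[31],
 * name[LABLEN]); crasm's real LABLEN is not in the report. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RAW_LEN   80   /* assumption: mirrors 'char raw[80]' in crasm.c   */
#define TITLE_LEN 31   /* assumption: mirrors 'char title[31]' in output.c */
#define LABLEN    8    /* assumption: crasm's value is not in the report   */

/* Replaces sprintf(raw,"%7d ERROR: %c%s",linenumber,c,s+1); pass s+1 as 's'.
 * snprintf NUL-terminates whenever RAW_LEN > 0, so 'raw' is always a valid
 * string; the return value tells the caller whether the text was truncated. */
bool format_diag(char raw[RAW_LEN], int linenumber, char c, const char *s)
{
    int n = snprintf(raw, RAW_LEN, "%7d ERROR: %c%s", linenumber, c, s);
    return n >= 0 && (size_t)n < RAW_LEN;
}

/* Replaces the 'if (strlen(s) > 30)' check followed by strcpy(title,s).
 * memchr bounds the scan, so an unterminated 's' is never over-read, and the
 * check and the copy live in one function so they cannot drift apart. */
bool set_title(char title[TITLE_LEN], const char *s)
{
    const char *nul = memchr(s, '\0', TITLE_LEN);
    if (nul == NULL)                 /* no NUL in the first 31 bytes: too long */
        return false;
    memcpy(title, s, (size_t)(nul - s) + 1);   /* length verified, NUL included */
    return true;
}

/* Replaces strncpy(q->name,localname,LABLEN) where 'name' is used as a C
 * string: strncpy leaves no terminator when the source is LABLEN bytes or
 * longer, so copy at most LABLEN-1 bytes and terminate explicitly. */
void copy_label(char dst[LABLEN], const char *src)
{
    strncpy(dst, src, LABLEN - 1);
    dst[LABLEN - 1] = '\0';
}

/* Replaces sprintf(buffer,msgs[label->type],label->modifier). The format
 * comes from a table indexed by data, which is why Flawfinder reports CWE-134.
 * It is acceptable only if the table is const (no user text can reach it) and
 * the index is range-checked; the bound on the output buffer comes from
 * snprintf. The message texts below are constructed for this example. */
static const char *const msgs[] = {
    "value %d",
    "absolute %d",
    "relative %d",
};
#define NMSGS (sizeof msgs / sizeof msgs[0])

bool format_xref(char *buffer, size_t size, unsigned type, int modifier)
{
    if (type >= NMSGS)
        return false;
    int n = snprintf(buffer, size, msgs[type], modifier);
    return n >= 0 && (size_t)n < size;
}

/* Exercises every helper on both a fitting and an over-long input and
 * returns true only if each one behaves as described in its comment. */
bool self_check(void)
{
    char raw[RAW_LEN], title[TITLE_LEN], name[LABLEN], buf[40];
    char longs[200];                     /* constructed 199-char input */
    memset(longs, 'x', sizeof longs - 1);
    longs[sizeof longs - 1] = '\0';

    bool ok = format_diag(raw, 12, 'A', "bad opcode")
           && strcmp(raw, "     12 ERROR: Abad opcode") == 0;
    ok = ok && !format_diag(raw, 1, 'B', longs) && strlen(raw) == RAW_LEN - 1;

    ok = ok && set_title(title, "LISTING") && strcmp(title, "LISTING") == 0;
    ok = ok && !set_title(title, longs);               /* 199 chars: rejected */

    copy_label(name, "TOOLONGLABELNAME");
    ok = ok && strlen(name) == LABLEN - 1 && name[LABLEN - 1] == '\0';

    ok = ok && format_xref(buf, sizeof buf, 1, 5) && strcmp(buf, "absolute 5") == 0;
    ok = ok && !format_xref(buf, sizeof buf, 99, 5);   /* bad index: rejected */
    return ok;
}

int main(void)
{
    bool ok = self_check();
    printf("hardened helpers %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

Build with `cc -Wall -Wformat=2 example.c`. Flawfinder and gcc's -Wformat-nonliteral will still flag format_xref, since neither can see that the table is const and the index is checked; that hit is one to record as reviewed rather than to rewrite, whereas the level-4 sprintf and strcpy hits go away once the bounded forms are used.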