Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/cwidget-0.5.18/tests/test_threads.cc Examining data/cwidget-0.5.18/tests/test_ssprintf.cc Examining data/cwidget-0.5.18/tests/test_eassert.cc Examining data/cwidget-0.5.18/tests/main.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/widget.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/treeitem.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/tree.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/transient.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/togglebutton.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/text_layout.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/table.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/statuschoice.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/staticitem.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/stacked.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/size_box.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/scrollbar.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/radiogroup.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/passthrough.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/pager.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/multiplex.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/minibuf_win.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/menubar.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/menu.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/layout_item.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/label.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/frame.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/editline.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/container.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/center.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/button.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/bin.cc Examining data/cwidget-0.5.18/src/cwidget/widgets/widget.h Examining data/cwidget-0.5.18/src/cwidget/widgets/treeitem.h Examining data/cwidget-0.5.18/src/cwidget/widgets/tree.h Examining data/cwidget-0.5.18/src/cwidget/widgets/transient.h Examining data/cwidget-0.5.18/src/cwidget/widgets/togglebutton.h Examining data/cwidget-0.5.18/src/cwidget/widgets/text_layout.h Examining data/cwidget-0.5.18/src/cwidget/widgets/table.h Examining data/cwidget-0.5.18/src/cwidget/widgets/subtree.h Examining data/cwidget-0.5.18/src/cwidget/widgets/statuschoice.h Examining data/cwidget-0.5.18/src/cwidget/widgets/staticitem.h Examining data/cwidget-0.5.18/src/cwidget/widgets/stacked.h Examining data/cwidget-0.5.18/src/cwidget/widgets/size_box.h Examining data/cwidget-0.5.18/src/cwidget/widgets/scrollbar.h Examining data/cwidget-0.5.18/src/cwidget/widgets/radiogroup.h Examining data/cwidget-0.5.18/src/cwidget/widgets/passthrough.h Examining data/cwidget-0.5.18/src/cwidget/widgets/pager.h Examining data/cwidget-0.5.18/src/cwidget/widgets/multiplex.h Examining data/cwidget-0.5.18/src/cwidget/widgets/minibuf_win.h Examining data/cwidget-0.5.18/src/cwidget/widgets/menubar.h Examining data/cwidget-0.5.18/src/cwidget/widgets/menu.h Examining data/cwidget-0.5.18/src/cwidget/widgets/layout_item.h Examining data/cwidget-0.5.18/src/cwidget/widgets/label.h Examining data/cwidget-0.5.18/src/cwidget/widgets/frame.h Examining data/cwidget-0.5.18/src/cwidget/widgets/editline.h Examining data/cwidget-0.5.18/src/cwidget/widgets/container.h Examining data/cwidget-0.5.18/src/cwidget/widgets/center.h Examining data/cwidget-0.5.18/src/cwidget/widgets/button.h Examining data/cwidget-0.5.18/src/cwidget/widgets/bin.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/transcode.cc Examining data/cwidget-0.5.18/src/cwidget/generic/util/ssprintf.cc Examining data/cwidget-0.5.18/src/cwidget/generic/util/exception.cc Examining data/cwidget-0.5.18/src/cwidget/generic/util/eassert.cc Examining data/cwidget-0.5.18/src/cwidget/generic/util/transcode.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/ssprintf.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/slotarg.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/ref_ptr.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/exception.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/eassert.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/bool_accumulate.h Examining data/cwidget-0.5.18/src/cwidget/generic/util/i18n.h Examining data/cwidget-0.5.18/src/cwidget/generic/threads/threads.cc Examining data/cwidget-0.5.18/src/cwidget/generic/threads/threads.h Examining data/cwidget-0.5.18/src/cwidget/generic/threads/event_queue.h Examining data/cwidget-0.5.18/src/cwidget/config/keybindings.cc Examining data/cwidget-0.5.18/src/cwidget/config/column_definition.cc Examining data/cwidget-0.5.18/src/cwidget/config/colors.cc Examining data/cwidget-0.5.18/src/cwidget/config/keybindings.h Examining data/cwidget-0.5.18/src/cwidget/config/column_definition.h Examining data/cwidget-0.5.18/src/cwidget/config/colors.h Examining data/cwidget-0.5.18/src/cwidget/testcwidget.cc Examining data/cwidget-0.5.18/src/cwidget/toplevel.cc Examining data/cwidget-0.5.18/src/cwidget/style.cc Examining data/cwidget-0.5.18/src/cwidget/fragment_cache.cc Examining data/cwidget-0.5.18/src/cwidget/fragment.cc Examining data/cwidget-0.5.18/src/cwidget/dialogs.cc Examining data/cwidget-0.5.18/src/cwidget/curses++.cc Examining data/cwidget-0.5.18/src/cwidget/columnify.cc Examining data/cwidget-0.5.18/src/cwidget/toplevel.h Examining data/cwidget-0.5.18/src/cwidget/style.h Examining data/cwidget-0.5.18/src/cwidget/fragment_contents.h Examining data/cwidget-0.5.18/src/cwidget/fragment_cache.h Examining data/cwidget-0.5.18/src/cwidget/fragment.h Examining data/cwidget-0.5.18/src/cwidget/dialogs.h Examining data/cwidget-0.5.18/src/cwidget/curses++.h Examining data/cwidget-0.5.18/src/cwidget/columnify.h Examining data/cwidget-0.5.18/cwidget-config.h FINAL RESULTS: data/cwidget-0.5.18/src/cwidget/generic/util/ssprintf.cc:52:23: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. const int amt = vsnprintf(buf, initbufsize, format, ap); data/cwidget-0.5.18/src/cwidget/generic/util/ssprintf.cc:64:21: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. const int amt2 = vsnprintf(buf2, buf2size, format, ap2); data/cwidget-0.5.18/src/cwidget/generic/util/ssprintf.cc:109:14: [4] (format) vswprintf: Potential format string problem (CWE-134). Make format string constant. int amt = vswprintf(buf, bufsize, format, ap2); data/cwidget-0.5.18/src/cwidget/generic/util/ssprintf.h:33:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 1, 2))) data/cwidget-0.5.18/src/cwidget/widgets/pager.cc:475:4: [4] (format) swprintf: Potential format string problem (CWE-134). Make format string constant. swprintf(buf, sizeof(buf)/sizeof(wchar_t), data/cwidget-0.5.18/src/cwidget/config/keybindings.cc:448:8: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t tmp[2]; data/cwidget-0.5.18/src/cwidget/curses++.cc:239:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (fd=open("/dev/tty",O_RDONLY)!=-1)) data/cwidget-0.5.18/src/cwidget/curses++.cc:384:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t dummy[2]; data/cwidget-0.5.18/src/cwidget/curses++.h:129:27: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { return (char_type*) memcpy (s1, s2, n*sizeof(char_type)); } data/cwidget-0.5.18/src/cwidget/curses++.h:153:27: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { return (char_type*) memcpy (s1, s2, n*sizeof(char_type)); } data/cwidget-0.5.18/src/cwidget/curses++.h:458:7: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t tmp[2]; data/cwidget-0.5.18/src/cwidget/fragment.cc:1349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/cwidget-0.5.18/src/cwidget/generic/util/ssprintf.cc:51:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[initbufsize]; data/cwidget-0.5.18/src/cwidget/testcwidget.cc:164:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/cwidget-0.5.18/src/cwidget/testcwidget.cc:237:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/cwidget-0.5.18/src/cwidget/testcwidget.cc:263:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/cwidget-0.5.18/src/cwidget/widgets/pager.cc:420:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd=open(filename.c_str(), O_RDONLY, 0644); data/cwidget-0.5.18/src/cwidget/widgets/pager.cc:473:4: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buf[512]; data/cwidget-0.5.18/src/cwidget/widgets/table.cc:30:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *debug=fopen("/tmp/cwidget.log", "w"); data/cwidget-0.5.18/src/cwidget/generic/util/transcode.cc:163:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t errbufsize = strlen(errbuf); data/cwidget-0.5.18/src/cwidget/generic/util/transcode.cc:249:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s, strlen(s), result_size, "WCHAR_T"); data/cwidget-0.5.18/src/cwidget/generic/util/transcode.cc:315:8: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wcslen(s)*sizeof(wchar_t), data/cwidget-0.5.18/src/cwidget/testcwidget.cc:302:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_pager_ref pager=file_pager::create(s, strlen(s)); data/cwidget-0.5.18/src/cwidget/toplevel.cc:236:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ::write(fd, s, strlen(s)); data/cwidget-0.5.18/tests/test_ssprintf.cc:40:15: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(const std::wstring &x, const std::wstring &y) ANALYSIS SUMMARY: Hits = 25 Lines analyzed = 24075 in approximately 0.62 seconds (38743 lines/second) Physical Source Lines of Code (SLOC) = 15709 Hits@level = [0] 54 [1] 6 [2] 14 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 79 [1+] 25 [2+] 19 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 5.02896 [1+] 1.59144 [2+] 1.2095 [3+] 0.318289 [4+] 0.318289 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.