Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/dicelab-0.7/tree.h Examining data/dicelab-0.7/par.h Examining data/dicelab-0.7/roll.c Examining data/dicelab-0.7/util.c Examining data/dicelab-0.7/par.c Examining data/dicelab-0.7/util.h Examining data/dicelab-0.7/lex.c Examining data/dicelab-0.7/roll.h Examining data/dicelab-0.7/tree.c Examining data/dicelab-0.7/main.c FINAL RESULTS: data/dicelab-0.7/lex.c:1003:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(yylval.tval, yytext); data/dicelab-0.7/main.c:150:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, optarg); data/dicelab-0.7/par.c:905:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/dicelab-0.7/tree.c:808:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(emsg, "Variable \"%s\" not found", this->varname); data/dicelab-0.7/tree.c:861:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(emsg, "Variable \"%s\" not found", this->varname); data/dicelab-0.7/main.c:88:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/dicelab-0.7/main.c:100:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(margc, margv, "?hvprecn:f:t:", data/dicelab-0.7/lex.c:853:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yylval.ival = atoi(yytext); data/dicelab-0.7/main.c:126:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cmd_count = atoi(optarg); data/dicelab-0.7/main.c:174:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). yyin = fopen(fname, "r"); data/dicelab-0.7/par.c:1202:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/dicelab-0.7/par.c:1219:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yyformat[sizeof yyunexpected data/dicelab-0.7/par.c:1387:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/dicelab-0.7/tree.c:99:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cdata, data, count * sizeof(int)); data/dicelab-0.7/tree.c:100:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cdata[count], cv->values, cv->count * sizeof(int)); data/dicelab-0.7/tree.c:109:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nst->rvalue->values, cv->values, sizeof(int) * cv->count); data/dicelab-0.7/tree.c:144:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current->values, data, current->count * sizeof(int)); data/dicelab-0.7/tree.c:262:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data__[YYNODESTATE_BLKSIZ]; data/dicelab-0.7/tree.c:799:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->values, nst->rvalue->values, data/dicelab-0.7/tree.c:854:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->values, nst->rvalue->values, sizeof(int) * nst->rvalue->count); data/dicelab-0.7/tree.c:1337:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rv->values[rv->count], roll->values, data/dicelab-0.7/tree.c:1395:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cret->values[cp], index[pos[i]]->values, data/dicelab-0.7/tree.c:1568:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rv1->values[rv1->count], rv2->values, data/dicelab-0.7/tree.c:1590:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cret->values, ce1->values, ce1->count * sizeof(int)); data/dicelab-0.7/tree.c:1591:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cret->values[ce1->count], ce2->values, data/dicelab-0.7/tree.c:1683:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nst->rvalue->values, ccnt->values, sizeof(int) * ccnt->count); data/dicelab-0.7/tree.c:1750:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ret->values[ret->count], cur->values, data/dicelab-0.7/tree.c:1796:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->values, cret->values, data/dicelab-0.7/tree.c:1798:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&item->values[cret->count], ccur->values, data/dicelab-0.7/tree.c:1869:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ret->values[ret->count], cur->values, sizeof(int) * cur->count); data/dicelab-0.7/tree.c:1879:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ret->values[ret->count], cur->values, data/dicelab-0.7/tree.c:2020:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&exp->values[0], &exp->values[exp->count - i], data/dicelab-0.7/tree.c:2070:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cret->values, &cexp->values[cexp->count - cret->count], data/dicelab-0.7/tree.c:2076:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cret->values, cexp->values, cret->count * sizeof(int)); data/dicelab-0.7/tree.c:2138:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&exp->values[0], &exp->values[exp->count - num->values[0]], data/dicelab-0.7/tree.c:2182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cret->values, cexp->values, cret->count * sizeof(int)); data/dicelab-0.7/tree.c:2187:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cret->values, &cexp->values[cexp->count - cret->count], data/dicelab-0.7/tree.c:2251:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slist, exp->values, sizeof(int) * exp->count); data/dicelab-0.7/tree.c:2325:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slist, cexp->values, sizeof(int) * cexp->count); data/dicelab-0.7/tree.c:2427:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slist, exp->values, sizeof(int) * exp->count); data/dicelab-0.7/tree.c:2503:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slist, cexp->values, sizeof(int) * cexp->count); data/dicelab-0.7/lex.c:659:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/dicelab-0.7/lex.c:1002:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). yylval.tval = (char*)malloc((strlen(yytext)+1) * sizeof(char)); data/dicelab-0.7/lex.c:1754:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes(yystr,strlen(yystr) ); data/dicelab-0.7/main.c:148:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname = (char*)malloc((strlen(optarg)+1)*sizeof(char)); data/dicelab-0.7/par.c:1083:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/dicelab-0.7/tree.c:807:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *emsg = (char*)malloc(sizeof(char)*22+strlen(this->varname)); data/dicelab-0.7/tree.c:860:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *emsg = (char*)malloc(sizeof(char)*22+strlen(this->varname)); ANALYSIS SUMMARY: Hits = 48 Lines analyzed = 9792 in approximately 0.27 seconds (36319 lines/second) Physical Source Lines of Code (SLOC) = 7799 Hits@level = [0] 67 [1] 7 [2] 34 [3] 2 [4] 5 [5] 0 Hits@level+ = [0+] 115 [1+] 48 [2+] 41 [3+] 7 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 14.7455 [1+] 6.15464 [2+] 5.25708 [3+] 0.897551 [4+] 0.641108 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.