stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/distlib-0.3.1/PC/launcher.c

FINAL RESULTS:

data/distlib-0.3.1/PC/launcher.c:134:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t message[MSGSIZE];
data/distlib-0.3.1/PC/launcher.c:155:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[MSGSIZE];
data/distlib-0.3.1/PC/launcher.c:171:8:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static wchar_t script_path[MAX_PATH];
data/distlib-0.3.1/PC/launcher.c:188:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char
data/distlib-0.3.1/PC/launcher.c:200:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        p = (char *) memchr(bp, pattern[0], n);
data/distlib-0.3.1/PC/launcher.c:308:8:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static wchar_t path_executable[MSGSIZE];
data/distlib-0.3.1/PC/launcher.c:467:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t emessage[MSGSIZE];
data/distlib-0.3.1/PC/launcher.c:565:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAX_PATH];
data/distlib-0.3.1/PC/launcher.c:566:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t wbuffer[MAX_PATH];
data/distlib-0.3.1/PC/launcher.c:568:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t dbuffer[MAX_PATH];
data/distlib-0.3.1/PC/launcher.c:569:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t pbuffer[MAX_PATH];
data/distlib-0.3.1/PC/launcher.c:619:9:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    n = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, p, (int) (cp - p), wbuffer, MAX_PATH);
data/distlib-0.3.1/PC/launcher.c:218:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    size_t read;
data/distlib-0.3.1/PC/launcher.c:233:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    p = find_pattern(buffer, read, end_cdr_sig, sizeof(end_cdr_sig));
data/distlib-0.3.1/PC/launcher.c:252:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        p = find_pattern(big_buffer, read, end_cdr_sig, sizeof(end_cdr_sig));
data/distlib-0.3.1/PC/launcher.c:276:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    assert(read > 0, "Unable to read from file");
data/distlib-0.3.1/PC/launcher.c:287:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        assert(read > 0, "Unable to read from file");
data/distlib-0.3.1/PC/launcher.c:659:11:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = wcslen(wcp) + wcslen(wp) + 8 + wcslen(psp) + wcslen(cmdline);
data/distlib-0.3.1/PC/launcher.c:659:25:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = wcslen(wcp) + wcslen(wp) + 8 + wcslen(psp) + wcslen(cmdline);
data/distlib-0.3.1/PC/launcher.c:659:42:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = wcslen(wcp) + wcslen(wp) + 8 + wcslen(psp) + wcslen(cmdline);
data/distlib-0.3.1/PC/launcher.c:659:56:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = wcslen(wcp) + wcslen(wp) + 8 + wcslen(psp) + wcslen(cmdline);

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 683 in approximately 0.12 seconds (5899 lines/second)
Physical Source Lines of Code (SLOC) = 530
Hits@level = [0]   7 [1]   9 [2]  12 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  28 [1+]  21 [2+]  12 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 52.8302 [1+] 39.6226 [2+] 22.6415 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.