Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/flwrap-1.3.5/src/wrapdialog.cxx
Examining data/flwrap-1.3.5/src/include/wrapdialog.h
Examining data/flwrap-1.3.5/src/include/base64.h
Examining data/flwrap-1.3.5/src/include/flwrap.h
Examining data/flwrap-1.3.5/src/include/wraprc.h
Examining data/flwrap-1.3.5/src/include/crc16.h
Examining data/flwrap-1.3.5/src/flwrap.cxx
Examining data/flwrap-1.3.5/src/base64.cxx
Examining data/flwrap-1.3.5/src/lzma/Alloc.h
Examining data/flwrap-1.3.5/src/lzma/Types.h
Examining data/flwrap-1.3.5/src/lzma/LzmaEnc.c
Examining data/flwrap-1.3.5/src/lzma/LzmaDec.h
Examining data/flwrap-1.3.5/src/lzma/Alloc.c
Examining data/flwrap-1.3.5/src/lzma/LzFind.c
Examining data/flwrap-1.3.5/src/lzma/LzmaLib.c
Examining data/flwrap-1.3.5/src/lzma/LzmaLib.h
Examining data/flwrap-1.3.5/src/lzma/LzmaEnc.h
Examining data/flwrap-1.3.5/src/lzma/LzmaDec.c
Examining data/flwrap-1.3.5/src/lzma/LzHash.h
Examining data/flwrap-1.3.5/src/lzma/LzFind.h
FINAL RESULTS:
data/flwrap-1.3.5/src/flwrap.cxx:153:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sz1, s1);
data/flwrap-1.3.5/src/flwrap.cxx:154:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sz2, s2);
data/flwrap-1.3.5/src/flwrap.cxx:206:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outprops[LZMA_PROPS_SIZE];
data/flwrap-1.3.5/src/flwrap.cxx:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/flwrap-1.3.5/src/flwrap.cxx:246:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inprops[LZMA_PROPS_SIZE];
data/flwrap-1.3.5/src/flwrap.cxx:247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inprops, in + strlen(LZMA_STR) + sizeof(uint32_t), LZMA_PROPS_SIZE);
data/flwrap-1.3.5/src/flwrap.cxx:252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/flwrap-1.3.5/src/flwrap.cxx:305:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/flwrap-1.3.5/src/flwrap.cxx:446:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
textfile.open(inpfilename.c_str(), ios::binary);
data/flwrap-1.3.5/src/flwrap.cxx:469:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[1000];
data/flwrap-1.3.5/src/include/crc16.h:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[5];
data/flwrap-1.3.5/src/include/crc16.h:17:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ss,"%04X", crcval);
data/flwrap-1.3.5/src/lzma/LzmaDec.c:789:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tempBuf, src, inSize);
data/flwrap-1.3.5/src/lzma/LzmaDec.c:877:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, p->dic + dicPos, outSizeCur);
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, p->data, curSize);
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:371:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:372:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:379:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:380:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:381:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:382:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:397:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:398:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:401:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:402:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:406:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:408:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
data/flwrap-1.3.5/src/lzma/LzmaEnc.c:2120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->data, data, size);
data/flwrap-1.3.5/src/flwrap.cxx:150:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *sz1 = new char[strlen(s1) + 1];
data/flwrap-1.3.5/src/flwrap.cxx:151:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *sz2 = new char[strlen(s2) + 1];
data/flwrap-1.3.5/src/flwrap.cxx:155:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(sz1); i++) sz1[i] = toupper(sz1[i]);
data/flwrap-1.3.5/src/flwrap.cxx:156:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(sz2); i++) sz2[i] = toupper(sz2[i]);
data/flwrap-1.3.5/src/flwrap.cxx:219:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input.reserve(strlen(LZMA_STR) + sizeof(origlen) + sizeof(outprops) + outlen);
data/flwrap-1.3.5/src/flwrap.cxx:239:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t outlen = ntohl(*reinterpret_cast<const uint32_t*>(in + strlen(LZMA_STR)));
data/flwrap-1.3.5/src/flwrap.cxx:247:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(inprops, in + strlen(LZMA_STR) + sizeof(uint32_t), LZMA_PROPS_SIZE);
data/flwrap-1.3.5/src/flwrap.cxx:249:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t inlen = input.length() - strlen(LZMA_STR) - sizeof(uint32_t) - LZMA_PROPS_SIZE;
data/flwrap-1.3.5/src/flwrap.cxx:312:2: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(wrap_beg) + (iscrlf ? strlen(wrap_crlf) : strlen(wrap_lf)) +
data/flwrap-1.3.5/src/flwrap.cxx:312:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(wrap_beg) + (iscrlf ? strlen(wrap_crlf) : strlen(wrap_lf)) +
data/flwrap-1.3.5/src/flwrap.cxx:312:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(wrap_beg) + (iscrlf ? strlen(wrap_crlf) : strlen(wrap_lf)) +
data/flwrap-1.3.5/src/flwrap.cxx:313:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inptext.length() + strlen(wrap_chksum) + check.length() + 1 + strlen(wrap_end);
data/flwrap-1.3.5/src/flwrap.cxx:313:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inptext.length() + strlen(wrap_chksum) + check.length() + 1 + strlen(wrap_end);
data/flwrap-1.3.5/src/flwrap.cxx:343:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 += strlen(wrap_crlf);
data/flwrap-1.3.5/src/flwrap.cxx:350:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 += strlen(wrap_lf);
data/flwrap-1.3.5/src/flwrap.cxx:357:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p3 = p2 + strlen(wrap_chksum);
data/flwrap-1.3.5/src/flwrap.cxx:387:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outshortname.erase(0, strlen(wrap_fn));
data/flwrap-1.3.5/src/flwrap.cxx:419:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 += strlen(b64_start);
ANALYSIS SUMMARY:
Hits = 56
Lines analyzed = 5947 in approximately 0.17 seconds (35839 lines/second)
Physical Source Lines of Code (SLOC) = 4787
Hits@level = [0] 24 [1] 18 [2] 36 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 80 [1+] 56 [2+] 38 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 16.7119 [1+] 11.6983 [2+] 7.93817 [3+] 0.417798 [4+] 0.417798 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.