Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fped-0.1+201210/bitset.c
Examining data/fped-0.1+201210/bitset.h
Examining data/fped-0.1+201210/coord.c
Examining data/fped-0.1+201210/coord.h
Examining data/fped-0.1+201210/cpp.c
Examining data/fped-0.1+201210/cpp.h
Examining data/fped-0.1+201210/delete.c
Examining data/fped-0.1+201210/delete.h
Examining data/fped-0.1+201210/dump.c
Examining data/fped-0.1+201210/dump.h
Examining data/fped-0.1+201210/error.c
Examining data/fped-0.1+201210/error.h
Examining data/fped-0.1+201210/expr.c
Examining data/fped-0.1+201210/expr.h
Examining data/fped-0.1+201210/file.c
Examining data/fped-0.1+201210/file.h
Examining data/fped-0.1+201210/fpd.h
Examining data/fped-0.1+201210/fped.c
Examining data/fped-0.1+201210/fped.h
Examining data/fped-0.1+201210/gnuplot.c
Examining data/fped-0.1+201210/gnuplot.h
Examining data/fped-0.1+201210/gui.c
Examining data/fped-0.1+201210/gui.h
Examining data/fped-0.1+201210/gui_canvas.c
Examining data/fped-0.1+201210/gui_canvas.h
Examining data/fped-0.1+201210/gui_frame.c
Examining data/fped-0.1+201210/gui_frame.h
Examining data/fped-0.1+201210/gui_frame_drag.c
Examining data/fped-0.1+201210/gui_frame_drag.h
Examining data/fped-0.1+201210/gui_inst.c
Examining data/fped-0.1+201210/gui_inst.h
Examining data/fped-0.1+201210/gui_meas.c
Examining data/fped-0.1+201210/gui_meas.h
Examining data/fped-0.1+201210/gui_over.c
Examining data/fped-0.1+201210/gui_over.h
Examining data/fped-0.1+201210/gui_status.c
Examining data/fped-0.1+201210/gui_status.h
Examining data/fped-0.1+201210/gui_style.c
Examining data/fped-0.1+201210/gui_style.h
Examining data/fped-0.1+201210/gui_tool.c
Examining data/fped-0.1+201210/gui_tool.h
Examining data/fped-0.1+201210/gui_util.c
Examining data/fped-0.1+201210/gui_util.h
Examining data/fped-0.1+201210/hole.c
Examining data/fped-0.1+201210/hole.h
Examining data/fped-0.1+201210/inst.c
Examining data/fped-0.1+201210/inst.h
Examining data/fped-0.1+201210/kicad.c
Examining data/fped-0.1+201210/kicad.h
Examining data/fped-0.1+201210/layer.c
Examining data/fped-0.1+201210/layer.h
Examining data/fped-0.1+201210/meas.c
Examining data/fped-0.1+201210/meas.h
Examining data/fped-0.1+201210/obj.c
Examining data/fped-0.1+201210/obj.h
Examining data/fped-0.1+201210/overlap.c
Examining data/fped-0.1+201210/overlap.h
Examining data/fped-0.1+201210/postscript.c
Examining data/fped-0.1+201210/tsort.c
Examining data/fped-0.1+201210/tsort.h
Examining data/fped-0.1+201210/unparse.c
Examining data/fped-0.1+201210/unparse.h
Examining data/fped-0.1+201210/util.c
Examining data/fped-0.1+201210/util.h
Examining data/fped-0.1+201210/postscript.h
FINAL RESULTS:
data/fped-0.1+201210/cpp.c:121:6: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execvp(cpp_command,(char **) cpp_argv) < 0) {
data/fped-0.1+201210/dump.c:430:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, name);
data/fped-0.1+201210/error.c:42:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(NULL, 0, fmt, ap);
data/fped-0.1+201210/error.c:46:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, n+1, fmt, ap);
data/fped-0.1+201210/error.h:26:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/fped-0.1+201210/error.h:32:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/fped-0.1+201210/expr.c:72:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s^%d", unit, n.exponent);
data/fped-0.1+201210/expr.c:558:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf+i, value_string);
data/fped-0.1+201210/gui_canvas.c:32:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRINTF(fmt, ...) fprintf(stderr, fmt "\n", ##__VA_ARGS__)
data/fped-0.1+201210/gui_frame.c:733:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/fped-0.1+201210/gui_over.c:29:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRINTF(fmt, ...) fprintf(stderr, fmt "\n", ##__VA_ARGS__)
data/fped-0.1+201210/gui_status.h:62:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3))) \
data/fped-0.1+201210/postscript.c:839:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, pad_type_name(type));
data/fped-0.1+201210/unparse.c:53:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", a, op, b);
data/fped-0.1+201210/unparse.c:65:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s", op, a);
data/fped-0.1+201210/unparse.c:80:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s(%s)", name, tmp);
data/fped-0.1+201210/unparse.c:94:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "(%s)", temp);
data/fped-0.1+201210/util.c:32:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(NULL, 0, fmt, aq);
data/fped-0.1+201210/util.c:35:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, n+1, fmt, ap);
data/fped-0.1+201210/util.h:62:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/fped-0.1+201210/fped.c:151:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "1:gkps:D:I:KPTU:")) != EOF)
data/fped-0.1+201210/bitset.c:51:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->v, old->v, bytes);
data/fped-0.1+201210/dump.c:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10]; /* plenty */
data/fped-0.1+201210/dump.c:285:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "__%d", n);
data/fped-0.1+201210/dump.c:396:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *meas_type_name[mt_n] = {
data/fped-0.1+201210/dump.c:420:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, walk->frame->name, n);
data/fped-0.1+201210/dump.c:426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, base->frame->name, n);
data/fped-0.1+201210/expr.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20]; /* @@@ plenty */
data/fped-0.1+201210/expr.c:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100]; /* enough :-) */
data/fped-0.1+201210/file.c:66:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name, "w");
data/fped-0.1+201210/fped.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[sizeof(MACHINE_GENERATED)];
data/fped-0.1+201210/fped.c:43:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name, "r");
data/fped-0.1+201210/fped.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[2];
data/fped-0.1+201210/gui_frame.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/fped-0.1+201210/gui_util.c:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20]; /* plenty */
data/fped-0.1+201210/gui_util.c:342:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "__dbg%04d.png", buf_num++);
data/fped-0.1+201210/postscript.c:823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[20]; /* @@@ plenty :) */
data/fped-0.1+201210/unparse.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/fped-0.1+201210/cpp.c:177:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (left = strlen(str); left; left -= wrote) {
data/fped-0.1+201210/dump.c:411:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(name)+1; /* vec\0 */
data/fped-0.1+201210/dump.c:413:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(walk->frame->name)+1; /* frame/ */
data/fped-0.1+201210/dump.c:415:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(base->frame->name)+1; /* frame. */
data/fped-0.1+201210/dump.c:419:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(walk->frame->name);
data/fped-0.1+201210/dump.c:425:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(base->frame->name);
data/fped-0.1+201210/expr.c:497:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(name);
data/fped-0.1+201210/expr.c:553:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len = strlen(value_string);
data/fped-0.1+201210/postscript.c:448:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return width/strlen(s)*TEXT_HEIGHT_FACTOR*zoom;
data/fped-0.1+201210/postscript.c:501:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(s)*height;
data/fped-0.1+201210/unparse.c:52:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(op)+strlen(a)+strlen(b)+1);
data/fped-0.1+201210/unparse.c:52:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(op)+strlen(a)+strlen(b)+1);
data/fped-0.1+201210/unparse.c:52:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(op)+strlen(a)+strlen(b)+1);
data/fped-0.1+201210/unparse.c:64:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(op)+strlen(a)+1);
data/fped-0.1+201210/unparse.c:64:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(op)+strlen(a)+1);
data/fped-0.1+201210/unparse.c:79:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(name)+strlen(tmp)+3);
data/fped-0.1+201210/unparse.c:79:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(name)+strlen(tmp)+3);
data/fped-0.1+201210/unparse.c:93:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = alloc_size(strlen(temp)+3);
data/fped-0.1+201210/util.h:50:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(strnalloc_tmp, (s), (n)); \
ANALYSIS SUMMARY:
Hits = 57
Lines analyzed = 18049 in approximately 0.53 seconds (33963 lines/second)
Physical Source Lines of Code (SLOC) = 12651
Hits@level = [0] 257 [1] 19 [2] 17 [3] 1 [4] 20 [5] 0
Hits@level+ = [0+] 314 [1+] 57 [2+] 38 [3+] 21 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 24.8202 [1+] 4.50557 [2+] 3.00372 [3+] 1.65995 [4+] 1.5809 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.