Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/freexl-1.0.6/src/freexl.c Examining data/freexl-1.0.6/config-msvc.h Examining data/freexl-1.0.6/tests/check_excel2003_biff4.c Examining data/freexl-1.0.6/tests/check_oocalc97.c Examining data/freexl-1.0.6/tests/check_excel2003_biff4_workbook.c Examining data/freexl-1.0.6/tests/check_oocalc95.c Examining data/freexl-1.0.6/tests/check_excel2003_biff3_error_checks.c Examining data/freexl-1.0.6/tests/open_oocalc97.c Examining data/freexl-1.0.6/tests/check_excel2003_biff3_info.c Examining data/freexl-1.0.6/tests/check_excel2003_biff8.c Examining data/freexl-1.0.6/tests/check_excel2003_biff3.c Examining data/freexl-1.0.6/tests/check_excel2003_biff2.c Examining data/freexl-1.0.6/tests/check_oocalc97_intvalue.c Examining data/freexl-1.0.6/tests/walk_sst_oocalc97.c Examining data/freexl-1.0.6/tests/open_excel2003.c Examining data/freexl-1.0.6/tests/check_datetime_biff8.c Examining data/freexl-1.0.6/tests/check_boolean_biff8.c Examining data/freexl-1.0.6/tests/open_oocalc95.c Examining data/freexl-1.0.6/tests/check_excel2003_biff4_1904.c Examining data/freexl-1.0.6/tests/walk_fat_oocalc97.c Examining data/freexl-1.0.6/tests/check_excel2003_biff5_workbook.c Examining data/freexl-1.0.6/headers/freexl_internals.h Examining data/freexl-1.0.6/headers/freexl.h Examining data/freexl-1.0.6/examples/xl2sql.c Examining data/freexl-1.0.6/examples/test_xl.c FINAL RESULTS: data/freexl-1.0.6/examples/xl2sql.c:59:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s_%02u", prefix, index); data/freexl-1.0.6/src/freexl.c:649:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (string, buf); data/freexl-1.0.6/src/freexl.c:699:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (string, buf); data/freexl-1.0.6/src/freexl.c:749:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (string, buf); data/freexl-1.0.6/src/freexl.c:804:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (string, buf); data/freexl-1.0.6/src/freexl.c:843:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (string, buf); data/freexl-1.0.6/examples/xl2sql.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/freexl-1.0.6/examples/xl2sql.c:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char table_name[2048]; data/freexl-1.0.6/headers/freexl_internals.h:88:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bytes[2]; data/freexl-1.0.6/headers/freexl_internals.h:94:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[4]; data/freexl-1.0.6/headers/freexl_internals.h:101:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[8]; data/freexl-1.0.6/headers/freexl_internals.h:117:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char signature[8]; /* magic signature */ data/freexl-1.0.6/headers/freexl_internals.h:118:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char classid[16]; /* Classid [usually zero] */ data/freexl-1.0.6/headers/freexl_internals.h:135:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char fat_sector_map[436]; /* first 109 FAT sectors */ data/freexl-1.0.6/headers/freexl_internals.h:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; /* file name */ data/freexl-1.0.6/headers/freexl_internals.h:148:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char classid[16]; /* Classid [unused] */ data/freexl-1.0.6/headers/freexl_internals.h:264:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sector_buf[8192]; /* currently buffered sector(s) */ data/freexl-1.0.6/headers/freexl_internals.h:278:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char record[8224]; /* current record */ data/freexl-1.0.6/src/freexl.c:346:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, p_string, 2); data/freexl-1.0.6/src/freexl.c:355:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word32.bytes, p_string, 4); data/freexl-1.0.6/src/freexl.c:391:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (string, p_string, len); data/freexl-1.0.6/src/freexl.c:410:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word32.bytes, bytes, 4); data/freexl-1.0.6/src/freexl.c:432:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word32.bytes, bytes, 4); data/freexl-1.0.6/src/freexl.c:444:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word32.bytes, bytes, 4); data/freexl-1.0.6/src/freexl.c:452:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word_float.bytes, word32.bytes, 4); data/freexl-1.0.6/src/freexl.c:454:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word_float.bytes + 4, word32.bytes, 4); data/freexl-1.0.6/src/freexl.c:616:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/freexl-1.0.6/src/freexl.c:644:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (buf, "%04d-%02d-%02d", yy, mm, dd); data/freexl-1.0.6/src/freexl.c:666:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/freexl-1.0.6/src/freexl.c:694:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%04d-%02d-%02d 00:00:00", yy, mm, dd); data/freexl-1.0.6/src/freexl.c:716:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/freexl-1.0.6/src/freexl.c:744:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%04d-%02d-%02d", yy, mm, dd); data/freexl-1.0.6/src/freexl.c:766:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/freexl-1.0.6/src/freexl.c:799:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%04d-%02d-%02d %02d:%02d:%02d", yy, mm, dd, h, m, s); data/freexl-1.0.6/src/freexl.c:821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/freexl-1.0.6/src/freexl.c:838:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%02d:%02d:%02d", h, m, s); data/freexl-1.0.6/src/freexl.c:1406:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4096]; data/freexl-1.0.6/src/freexl.c:1426:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fat.bytes, p_buf, 4); data/freexl-1.0.6/src/freexl.c:1506:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4096]; data/freexl-1.0.6/src/freexl.c:1530:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fat.bytes, p_buf, 4); data/freexl-1.0.6/src/freexl.c:1614:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fat.bytes, p_fat, 4); data/freexl-1.0.6/src/freexl.c:1674:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4096]; data/freexl-1.0.6/src/freexl.c:1708:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (miniStream + len, buf, size); data/freexl-1.0.6/src/freexl.c:1761:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (n_strings.bytes, workbook->record + 4, 4); data/freexl-1.0.6/src/freexl.c:1825:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (utf16_buf + (utf16_off * 2), p_string, len * 2); data/freexl-1.0.6/src/freexl.c:1877:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, p_string, 2); data/freexl-1.0.6/src/freexl.c:1919:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (utf16_buf, p_string, available); data/freexl-1.0.6/src/freexl.c:2047:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[16]; data/freexl-1.0.6/src/freexl.c:2062:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (record_type.bytes, buf, 2); data/freexl-1.0.6/src/freexl.c:2063:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (record_size.bytes, buf + 2, 2); data/freexl-1.0.6/src/freexl.c:2091:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2096:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2123:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2145:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2150:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2170:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2175:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2197:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2202:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2237:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (utf8_name, "Worksheet"); data/freexl-1.0.6/src/freexl.c:2266:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[16]; data/freexl-1.0.6/src/freexl.c:2273:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (record_type.bytes, buf, 2); data/freexl-1.0.6/src/freexl.c:2274:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (record_size.bytes, buf + 2, 2); data/freexl-1.0.6/src/freexl.c:2309:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (record_type.bytes, buf, 2); data/freexl-1.0.6/src/freexl.c:2310:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (record_size.bytes, buf + 2, 2); data/freexl-1.0.6/src/freexl.c:2337:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2355:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2396:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (string, p_string, len); data/freexl-1.0.6/src/freexl.c:2414:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2423:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (string, p_string, len); data/freexl-1.0.6/src/freexl.c:2490:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2494:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record + 6, 2); data/freexl-1.0.6/src/freexl.c:2499:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (utf8_name, "Worksheet"); data/freexl-1.0.6/src/freexl.c:2540:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2544:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2552:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 7, 2); data/freexl-1.0.6/src/freexl.c:2608:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2612:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2623:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word_float.bytes, workbook->record + 7, 8); data/freexl-1.0.6/src/freexl.c:2631:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record + 4, 2); data/freexl-1.0.6/src/freexl.c:2635:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word_float.bytes, workbook->record + 6, 8); data/freexl-1.0.6/src/freexl.c:2687:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2691:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2740:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2744:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2748:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 4, 2); data/freexl-1.0.6/src/freexl.c:2752:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word32.bytes, workbook->record + 6, 4); data/freexl-1.0.6/src/freexl.c:2841:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2845:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:2857:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 6, 2); data/freexl-1.0.6/src/freexl.c:2865:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (string, p_string, len); data/freexl-1.0.6/src/freexl.c:2968:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:2991:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3005:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3039:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:3053:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:3071:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; data/freexl-1.0.6/src/freexl.c:3085:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (offset.bytes, workbook->record, 4); data/freexl-1.0.6/src/freexl.c:3097:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (name, workbook->record + 7, len); data/freexl-1.0.6/src/freexl.c:3121:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (name, workbook->record + 8, len); data/freexl-1.0.6/src/freexl.c:3151:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word32.bytes, workbook->record + 4, 4); data/freexl-1.0.6/src/freexl.c:3155:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 10, 2); data/freexl-1.0.6/src/freexl.c:3163:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3167:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record + 6, 2); data/freexl-1.0.6/src/freexl.c:3213:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:3220:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (string, p_string, len); data/freexl-1.0.6/src/freexl.c:3241:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:3245:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3284:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3313:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:3317:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3325:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record + 4, 2); data/freexl-1.0.6/src/freexl.c:3329:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word_float.bytes, workbook->record + 6, 8); data/freexl-1.0.6/src/freexl.c:3372:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:3376:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3413:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record, 2); data/freexl-1.0.6/src/freexl.c:3417:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 2, 2); data/freexl-1.0.6/src/freexl.c:3425:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word16.bytes, workbook->record + 4, 2); data/freexl-1.0.6/src/freexl.c:3429:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (word32.bytes, workbook->record + 6, 4); data/freexl-1.0.6/src/freexl.c:3508:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (word16.bytes, workbook->record, 2);
data/freexl-1.0.6/src/freexl.c:3512:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word16.bytes, workbook->record + 2, 2);
data/freexl-1.0.6/src/freexl.c:3523:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word16.bytes, workbook->record + off, 2);
data/freexl-1.0.6/src/freexl.c:3527:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word32.bytes, workbook->record + off + 2, 4);
data/freexl-1.0.6/src/freexl.c:3611:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word16.bytes, workbook->record, 2);
data/freexl-1.0.6/src/freexl.c:3615:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word16.bytes, workbook->record + 2, 2);
data/freexl-1.0.6/src/freexl.c:3623:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word16.bytes, workbook->record + 6, 2);
data/freexl-1.0.6/src/freexl.c:3633:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (string, p_string, len);
data/freexl-1.0.6/src/freexl.c:3683:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word16.bytes, workbook->record, 2);
data/freexl-1.0.6/src/freexl.c:3687:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word16.bytes, workbook->record + 2, 2);
data/freexl-1.0.6/src/freexl.c:3695:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (word32.bytes, workbook->record + 6, 4);
data/freexl-1.0.6/src/freexl.c:3746:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (workbook->sector_buf,
data/freexl-1.0.6/src/freexl.c:3824:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (record_type.bytes, workbook->p_in, 2);
data/freexl-1.0.6/src/freexl.c:3826:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (record_size.bytes, workbook->p_in, 2);
data/freexl-1.0.6/src/freexl.c:3863:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (workbook->record, workbook->p_in, chunk);
data/freexl-1.0.6/src/freexl.c:3879:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (workbook->record + already_done, workbook->p_in,
data/freexl-1.0.6/src/freexl.c:3885:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (workbook->record + already_done, workbook->p_in,
data/freexl-1.0.6/src/freexl.c:3894:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (workbook->record, workbook->p_in, workbook->record_size);
data/freexl-1.0.6/src/freexl.c:3925:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (record_type.bytes, workbook->p_in, 2);
data/freexl-1.0.6/src/freexl.c:3927:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (record_size.bytes, workbook->p_in, 2);
data/freexl-1.0.6/src/freexl.c:3946:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (workbook->record, workbook->p_in, workbook->record_size);
data/freexl-1.0.6/src/freexl.c:4012:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char dir_block[4096];
data/freexl-1.0.6/src/freexl.c:4105:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
workbook->xls = fopen (path, "rb");
data/freexl-1.0.6/src/freexl.c:645:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buf);
data/freexl-1.0.6/src/freexl.c:695:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buf);
data/freexl-1.0.6/src/freexl.c:745:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buf);
data/freexl-1.0.6/src/freexl.c:800:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buf);
data/freexl-1.0.6/src/freexl.c:839:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buf);
data/freexl-1.0.6/src/freexl.c:1970:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (utf8_string); i++)

ANALYSIS SUMMARY:

Hits = 149
Lines analyzed = 11947 in approximately 0.42 seconds (28412 lines/second)
Physical Source Lines of Code (SLOC) = 9217
Hits@level = [0] 776 [1] 6 [2] 137 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 925 [1+] 149 [2+] 143 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 100.358 [1+] 16.1658 [2+] 15.5148 [3+] 0.650971 [4+] 0.650971 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.