Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fzy-1.0/deps/greatest/greatest.h
Examining data/fzy-1.0/deps/theft/theft.c
Examining data/fzy-1.0/deps/theft/theft.h
Examining data/fzy-1.0/deps/theft/theft_bloom.c
Examining data/fzy-1.0/deps/theft/theft_bloom.h
Examining data/fzy-1.0/deps/theft/theft_hash.c
Examining data/fzy-1.0/deps/theft/theft_mt.c
Examining data/fzy-1.0/deps/theft/theft_mt.h
Examining data/fzy-1.0/deps/theft/theft_types.h
Examining data/fzy-1.0/deps/theft/theft_types_internal.h
Examining data/fzy-1.0/src/bonus.h
Examining data/fzy-1.0/src/choices.c
Examining data/fzy-1.0/src/choices.h
Examining data/fzy-1.0/src/config.def.h
Examining data/fzy-1.0/src/fzy.c
Examining data/fzy-1.0/src/match.c
Examining data/fzy-1.0/src/match.h
Examining data/fzy-1.0/src/options.c
Examining data/fzy-1.0/src/options.h
Examining data/fzy-1.0/src/tty.c
Examining data/fzy-1.0/src/tty.h
Examining data/fzy-1.0/src/tty_interface.c
Examining data/fzy-1.0/src/tty_interface.h
Examining data/fzy-1.0/test/fzytest.c
Examining data/fzy-1.0/test/test_choices.c
Examining data/fzy-1.0/test/test_match.c
Examining data/fzy-1.0/test/test_properties.c

FINAL RESULTS:

data/fzy-1.0/deps/greatest/greatest.h:128:26:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define GREATEST_FPRINTF fprintf

data/fzy-1.0/src/options.c:23:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
fprintf(stderr, usage_str, argv0);

data/fzy-1.0/src/tty.c:183:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
vfprintf(tty->fout, fmt, args);

data/fzy-1.0/src/tty_interface.c:113:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
strcpy(state->last_search, state->search);

data/fzy-1.0/src/tty_interface.c:322:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
strcat(state->input, s);

data/fzy-1.0/src/options.c:55:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
while ((c = getopt_long(argc, argv, "vhse:q:l:t:p:j:", longopts, NULL)) != -1) {

data/fzy-1.0/deps/greatest/greatest.h:215:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char pad_0[2];

data/fzy-1.0/deps/greatest/greatest.h:229:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char pad_0[2];

data/fzy-1.0/src/match.c:14:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char accept[3] = {c, toupper(c), 0};

data/fzy-1.0/src/tty.c:31:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
tty->fdin = open(tty_filename, O_RDONLY);

data/fzy-1.0/src/tty.c:37:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
tty->fout = fopen(tty_filename, "w");

data/fzy-1.0/src/tty_interface.c:372:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char s[2] = {tty_getchar(state->tty), '\0'};

data/fzy-1.0/src/tty_interface.c:382:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char s[1] = "";

data/fzy-1.0/src/tty_interface.h:15:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char search[SEARCH_SIZE_MAX + 1];

data/fzy-1.0/src/tty_interface.h:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char last_search[SEARCH_SIZE_MAX + 1];

data/fzy-1.0/src/tty_interface.h:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char input[32]; /* Pending input buffer */

data/fzy-1.0/test/test_choices.c:139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *strings[N];

data/fzy-1.0/deps/greatest/greatest.h:192:24:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
greatest_equal_cb *equal;

data/fzy-1.0/deps/greatest/greatest.h:676:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t filter_len = filter ? strlen(filter) : 0; \

data/fzy-1.0/deps/greatest/greatest.h:854:21:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
eq = type_info->equal(exp, got, udata); \

data/fzy-1.0/src/match.c:35:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(needle);

data/fzy-1.0/src/match.c:36:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int m = strlen(haystack);

data/fzy-1.0/src/match.c:61:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int m = strlen(haystack);

data/fzy-1.0/src/match.c:74:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(needle);

data/fzy-1.0/src/match.c:75:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int m = strlen(haystack);

data/fzy-1.0/src/tty.c:88:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int size = read(tty->fdin, &ch, 1);

data/fzy-1.0/src/tty_interface.c:38:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(search);

data/fzy-1.0/src/tty_interface.c:145:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = strlen(state->search);

data/fzy-1.0/src/tty_interface.c:168:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&state->search[cursor], &state->search[original_cursor], strlen(state->search) - original_cursor + 1);

data/fzy-1.0/src/tty_interface.c:173:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(state->search, &state->search[state->cursor], strlen(state->search) - state->cursor + 1);

data/fzy-1.0/src/tty_interface.c:200:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (state->cursor < strlen(state->search)) {

data/fzy-1.0/src/tty_interface.c:212:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->cursor = strlen(state->search);

data/fzy-1.0/src/tty_interface.c:231:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(state->search, choices_get(state->choices, state->choices->selection), SEARCH_SIZE_MAX);

data/fzy-1.0/src/tty_interface.c:232:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->cursor = strlen(state->search);

data/fzy-1.0/src/tty_interface.c:245:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t search_size = strlen(search);

data/fzy-1.0/src/tty_interface.c:260:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(state->input, "");

data/fzy-1.0/src/tty_interface.c:261:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(state->search, "");

data/fzy-1.0/src/tty_interface.c:262:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(state->last_search, "");

data/fzy-1.0/src/tty_interface.c:267:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(state->search, options->init_search, SEARCH_SIZE_MAX);

data/fzy-1.0/src/tty_interface.c:269:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->cursor = strlen(state->search);

data/fzy-1.0/src/tty_interface.c:331:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strncmp(input, keybindings[i].key, strlen(state->input)))

data/fzy-1.0/src/tty_interface.c:338:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(input, "");

data/fzy-1.0/src/tty_interface.c:359:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(input, "");

data/fzy-1.0/test/test_properties.c:41:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(str);

data/fzy-1.0/test/test_properties.c:58:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(str);

data/fzy-1.0/test/test_properties.c:65:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(str);

data/fzy-1.0/test/test_properties.c:122:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(needle);

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 4541 in approximately 0.14 seconds (32574 lines/second)
Physical Source Lines of Code (SLOC) = 3327
Hits@level = [0]  41 [1]  30 [2]  11 [3]   1 [4]   5 [5]   0
Hits@level+ = [0+]  88 [1+]  47 [2+]  17 [3+]   6 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 26.4503 [1+] 14.1268 [2+] 5.10971 [3+] 1.80343 [4+] 1.50286 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
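Triage note on the three level-4 (format) hits. Flawfinder raises CWE-134 on any fprintf/vfprintf call whose format argument is not a string literal at the call site, which is the case for the GREATEST_FPRINTF macro in the test harness, for `fprintf(stderr, usage_str, argv0)` in options.c, and for the vfprintf wrapper in tty.c. The tool cannot see whether `usage_str` or `fmt` can ever be influenced by an attacker, so that is the question to answer by hand: a constant format with untrusted data passed as a `%s` argument is safe, untrusted data used as the format is not. The example below is added here and is not fzy's code; `tty_printf_buf`, `render_usage`, `render_untrusted`, `format_has_conversions` and the usage text are hypothetical stand-ins for the flagged patterns, rendering into a buffer so the result can be checked. It shows the check a reviewer would want: a `format` attribute on the vfprintf-style wrapper so the compiler (with -Wformat -Werror=format-security) rejects non-literal formats at every call site, plus a runtime guard for the rare case where a format genuinely comes from configuration.

```c
/* Added example, not fzy code. Names and the usage text are assumptions. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
#define CHECK_FORMAT(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define CHECK_FORMAT(fmt_idx, arg_idx)
#endif

/* Same shape as a tty_printf() wrapper around vfprintf(), but writing to a
 * buffer. The attribute makes gcc/clang warn at every call site that passes a
 * non-literal fmt, which is the condition flawfinder cannot check for us. */
static int tty_printf_buf(char *out, size_t out_sz, const char *fmt, ...)
    CHECK_FORMAT(3, 4);

static int tty_printf_buf(char *out, size_t out_sz, const char *fmt, ...)
{
    va_list args;
    int n;
    va_start(args, fmt);
    n = vsnprintf(out, out_sz, fmt, args);
    va_end(args);
    return n;
}

/* Constant format, variable argument: the options.c:23 pattern, assuming
 * usage_str is a literal. argv0 is consumed by %s, so any conversion
 * characters inside it are plain data. */
static const char usage_fmt[] = "Usage: %s [OPTION]...\n";

static int render_usage(char *out, size_t out_sz, const char *argv0)
{
    return tty_printf_buf(out, out_sz, usage_fmt, argv0);
}

/* Untrusted text (a search string, a choice read from stdin) is never the
 * format; it is always the argument of a "%s" format. The unsafe spelling,
 * tty_printf_buf(out, out_sz, text), is what the level-4 hits warn about and
 * is rejected by -Werror=format-security thanks to the attribute above. */
static int render_untrusted(char *out, size_t out_sz, const char *text)
{
    return tty_printf_buf(out, out_sz, "%s", text);
}

/* Runtime guard for formats that legitimately come from configuration:
 * returns 1 if fmt contains any conversion (or a dangling '%'), 0 if the only
 * percent signs are the literal "%%". */
static int format_has_conversions(const char *fmt)
{
    for (; *fmt; fmt++) {
        if (*fmt != '%')
            continue;
        if (fmt[1] == '%') { fmt++; continue; }
        return 1;
    }
    return 0;
}

/* 1 if a hostile argv0 is echoed verbatim through the constant-format path. */
static int usage_treats_argv0_as_data(void)
{
    char buf[64];
    const char *expect = "Usage: %n%n [OPTION]...\n";
    int n = render_usage(buf, sizeof buf, "%n%n");
    return n == (int)strlen(expect) && strcmp(buf, expect) == 0;
}

/* 1 if conversion characters in untrusted text come out as literal bytes. */
static int untrusted_text_is_inert(void)
{
    char buf[64];
    int n = render_untrusted(buf, sizeof buf, "%p%p%n");
    return n == 6 && strcmp(buf, "%p%p%n") == 0;
}

int main(void)
{
    printf("argv0 treated as data: %d\n", usage_treats_argv0_as_data());
    printf("untrusted text inert:  %d\n", untrusted_text_is_inert());
    printf("\"100%% done\" has conversions: %d\n", format_has_conversions("100%% done"));
    return 0;
}
```

Build it with `gcc -std=c99 -Wall -Wformat=2 -Werror=format-security example.c` and then try changing `render_untrusted` to pass `text` as the format: the build fails, which is the property the flawfinder hits ask you to establish for the real `tty_printf` callers.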
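Triage note on the CWE-120 hits (strcpy, strcat, strncpy). From the report alone: `strcpy(state->last_search, state->search)` copies between two arrays the header declares with the same size, `char search[SEARCH_SIZE_MAX + 1]` and `char last_search[SEARCH_SIZE_MAX + 1]`, so it cannot overflow as long as `search` is terminated. `strcat(state->input, s)` appends a two-byte `s` to `char input[32]`; whether that can overflow depends on a length check on `input` that the report does not show, which is the line to inspect. The two `strncpy(state->search, ..., SEARCH_SIZE_MAX)` calls never write `search[SEARCH_SIZE_MAX]`, so termination after a source of SEARCH_SIZE_MAX or more bytes relies on that last byte already being zero; that depends on how the struct is initialised, which is also not on the page. The example below is added here and is not fzy's code. It assumes a value of 64 for SEARCH_SIZE_MAX (the real value is not shown), mirrors the two buffer declarations from tty_interface.h, and shows bounded copy/append helpers that always terminate and report truncation, plus a function that makes the strncpy caveat observable.

```c
/* Added example, not fzy code. SEARCH_SIZE_MAX = 64 is an assumption; the
 * struct mirrors the two arrays flagged in tty_interface.h. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SEARCH_SIZE_MAX 64
#define INPUT_SIZE 32

struct ui_state {
    char search[SEARCH_SIZE_MAX + 1];
    char input[INPUT_SIZE];   /* pending input buffer, as in the report */
};

/* Copy src into dst[dst_sz], always NUL-terminating.
 * Returns 1 for an untruncated copy, 0 if src had to be truncated. */
static int copy_bounded(char *dst, size_t dst_sz, const char *src)
{
    size_t n = strlen(src);
    if (dst_sz == 0)
        return 0;
    if (n >= dst_sz) {
        memcpy(dst, src, dst_sz - 1);
        dst[dst_sz - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);
    return 1;
}

/* Append src to the NUL-terminated string in dst[dst_sz].
 * Returns 1 on success; 0 (dst unchanged) if dst is not terminated within
 * dst_sz or the result would not fit. This is the check strcat lacks. */
static int append_bounded(char *dst, size_t dst_sz, const char *src)
{
    const char *end = memchr(dst, '\0', dst_sz);
    size_t used, add;
    if (end == NULL)
        return 0;
    used = (size_t)(end - dst);
    add = strlen(src);
    if (add >= dst_sz - used)
        return 0;
    memcpy(dst + used, src, add + 1);
    return 1;
}

/* The strncpy caveat behind the hits at tty_interface.c:231 and :267:
 * strncpy(search, src, SEARCH_SIZE_MAX) never touches search[SEARCH_SIZE_MAX].
 * Returns 1 if the buffer is terminated after copying an over-long source,
 * 0 if not; the answer depends only on what that last byte held beforehand. */
static int strncpy_terminates(int prefill_zero)
{
    struct ui_state st;
    char long_src[SEARCH_SIZE_MAX + 10];
    volatile size_t bound = SEARCH_SIZE_MAX;   /* volatile: keep the call honest */
    memset(long_src, 'A', sizeof long_src - 1);
    long_src[sizeof long_src - 1] = '\0';
    memset(st.search, prefill_zero ? 0 : 'B', sizeof st.search);
    strncpy(st.search, long_src, bound);
    return memchr(st.search, '\0', sizeof st.search) != NULL;
}

/* Exercises the helpers on the 32-byte input buffer.
 * Returns the number of checks that passed; 5 means all behaved as intended. */
static int demo_input_buffer(void)
{
    struct ui_state st;
    char big[INPUT_SIZE + 8];
    int ok = 0;
    memset(&st, 0, sizeof st);
    memset(big, 'x', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    ok += copy_bounded(st.input, sizeof st.input, "hello") == 1;
    ok += append_bounded(st.input, sizeof st.input, " world") == 1
          && strcmp(st.input, "hello world") == 0;
    ok += copy_bounded(st.input, sizeof st.input, big) == 0
          && strlen(st.input) == INPUT_SIZE - 1;       /* truncated, terminated */
    ok += append_bounded(st.input, sizeof st.input, "y") == 0
          && strlen(st.input) == INPUT_SIZE - 1;       /* refused, unchanged */
    ok += append_bounded(st.input, sizeof st.input, "") == 1; /* empty always fits */
    return ok;
}

int main(void)
{
    printf("input buffer checks passed: %d/5\n", demo_input_buffer());
    printf("strncpy terminates, zeroed buffer:   %d\n", strncpy_terminates(1));
    printf("strncpy terminates, unzeroed buffer: %d\n", strncpy_terminates(0));
    return 0;
}
```

Of the replacements the report suggests, `snprintf(dst, sizeof dst, "%s", src)` is the portable one; `strlcpy`/`strlcat` exist on the BSDs and in recent glibc, and `strcpy_s`/`strcat_s` are the Annex K functions that most non-Microsoft toolchains do not ship. Whichever is used, the value to check is the returned length, which is how truncation gets noticed.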