Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hexedit-1.5/display.c
Examining data/hexedit-1.5/file.c
Examining data/hexedit-1.5/hexedit.c
Examining data/hexedit-1.5/hexedit.h
Examining data/hexedit-1.5/interact.c
Examining data/hexedit-1.5/mark.c
Examining data/hexedit-1.5/misc.c
Examining data/hexedit-1.5/page.c
Examining data/hexedit-1.5/search.c
FINAL RESULTS:
data/hexedit-1.5/display.c:287:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*last) strcpy(p, *last); else ret = FALSE;
data/hexedit-1.5/hexedit.h:43:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DIE(M) { exitCurses(); fprintf(stderr, M, progName); exit(1); }
data/hexedit-1.5/interact.c:317:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(args[0], args);
data/hexedit-1.5/display.c:306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[BLOCK_SEARCH_SIZE];
data/hexedit-1.5/file.c:29:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fileName, O_RDWR)) == -1) {
data/hexedit-1.5/file.c:31:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fileName, O_RDONLY)) == -1) {
data/hexedit-1.5/file.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, tmp[BLOCK_SEARCH_SIZE];
data/hexedit-1.5/hexedit.c:73:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lineLength = atoi(*argv + 2);
data/hexedit-1.5/hexedit.c:76:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lineLength = atoi(*argv);
data/hexedit-1.5/interact.c:309:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[3];
data/hexedit-1.5/interact.c:546:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[BLOCK_SEARCH_SIZE];
data/hexedit-1.5/mark.c:53:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copyBuffer + p->base - min,
data/hexedit-1.5/mark.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[BLOCK_SEARCH_SIZE];
data/hexedit-1.5/mark.c:79:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = open(tmp, O_RDONLY)) != -1) {
data/hexedit-1.5/mark.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[BLOCK_SEARCH_SIZE];
data/hexedit-1.5/mark.c:115:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
for (i = 0; i < l1 - l2 + 1; i += l2) memcpy(tmp1 + i, tmp2, l2);
data/hexedit-1.5/mark.c:116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1 + i, tmp2, l1 - i);
data/hexedit-1.5/misc.c:68:19: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return (char *) bcopy(str, new, len);
data/hexedit-1.5/misc.c:91:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (a) memcpy(p, a, la);
data/hexedit-1.5/misc.c:92:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (b) memcpy(p + la, b, lb);
data/hexedit-1.5/misc.c:93:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (c) memcpy(p + la + lb, c, lc);
data/hexedit-1.5/page.c:83:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + q->base - min, q->vals, q->size);
data/hexedit-1.5/page.c:84:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + base - min, vals, size);
data/hexedit-1.5/page.c:85:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + p->base - min, p->vals, p->size);
data/hexedit-1.5/page.c:92:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + q->base - min, q->vals, q->size);
data/hexedit-1.5/page.c:93:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + base - min, vals, size);
data/hexedit-1.5/page.c:100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, vals, size);
data/hexedit-1.5/page.c:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + p->base - base, p->vals, p->size);
data/hexedit-1.5/page.c:107:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->vals, vals, size);
data/hexedit-1.5/page.c:133:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->vals, p->vals + base + size - p->base, q->size);
data/hexedit-1.5/search.c:37:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*string, tmp, *sizea);
data/hexedit-1.5/search.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *string, tmp[BLOCK_SEARCH_SIZE], tmpstr[BLOCK_SEARCH_SIZE];
data/hexedit-1.5/search.c:71:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr,"searching... 0x%08llX", (long long) blockstart);
data/hexedit-1.5/search.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *string, tmp[BLOCK_SEARCH_SIZE], tmpstr[BLOCK_SEARCH_SIZE];
data/hexedit-1.5/search.c:102:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr,"searching... 0x%08llX", (long long) blockstart);
data/hexedit-1.5/display.c:250:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
move(line, (COLS - strlen(msg)) / 2);
data/hexedit-1.5/display.c:299:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = s + strlen(s) - 1; p >= s; p--) ungetch(*p);
data/hexedit-1.5/display.c:311:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = sscanf(tmp + strlen("0x"), "%llx", &n);
data/hexedit-1.5/file.c:66:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbBytes = read(fd, buffer, page);
data/hexedit-1.5/file.c:124:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &c, 1) == 1) {
data/hexedit-1.5/hexedit.c:72:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strbeginswith(*argv, "-l") && strlen(*argv) > 2)
data/hexedit-1.5/mark.c:45:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (LSEEK_(fd, mark_min) == -1 || read(fd, copyBuffer, sizeCopyBuffer) == -1) {
data/hexedit-1.5/mark.c:107:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(tmp2);
data/hexedit-1.5/mark.c:109:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp2) == 1) {
data/hexedit-1.5/misc.c:64:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str) + 1;
data/hexedit-1.5/misc.c:82:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp(a, prefix, strlen(prefix)) == 0;
data/hexedit-1.5/misc.c:87:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t la = a ? strlen(a) : 0;
data/hexedit-1.5/misc.c:88:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lb = b ? strlen(b) : 0;
data/hexedit-1.5/misc.c:89:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lc = c ? strlen(c) : 0;
data/hexedit-1.5/search.c:33:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*sizea = strlen(tmp);
data/hexedit-1.5/search.c:67:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((sizeb = read(fd, tmp, BLOCK_SEARCH_SIZE)) < sizea) quit = -3;
data/hexedit-1.5/search.c:97:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sizeb != read(fd, tmp, sizeb)) quit = -3;
ANALYSIS SUMMARY:
Hits = 52
Lines analyzed = 2151 in approximately 0.10 seconds (21202 lines/second)
Physical Source Lines of Code (SLOC) = 1611
Hits@level = [0] 5 [1] 17 [2] 32 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 57 [1+] 52 [2+] 35 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 35.3818 [1+] 32.2781 [2+] 21.7256 [3+] 1.8622 [4+] 1.8622 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.