Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hyphen-show-20000425/hyphen_show.c

FINAL RESULTS:

data/hyphen-show-20000425/hyphen_show.c:305:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(tns,pp+2);
data/hyphen-show-20000425/hyphen_show.c:311:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tns_alt, tns);
data/hyphen-show-20000425/hyphen_show.c:351:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
   return strcat(strncpy(&wortanf[0],&stra[k],n-k),&ht[0]);
data/hyphen-show-20000425/hyphen_show.c:401:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else  strcpy(&neu[neu_max][0],tcp);
data/hyphen-show-20000425/hyphen_show.c:466:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        tgesp = strcat(ttap,terr);
data/hyphen-show-20000425/hyphen_show.c:468:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(&hh[0],tgesp);
data/hyphen-show-20000425/hyphen_show.c:596:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    font_codep = strcpy(&font_code[0],FONT_CODE_2);
data/hyphen-show-20000425/hyphen_show.c:603:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      { font_codep = strcpy(&font_code[0],v_arg[2]);
data/hyphen-show-20000425/hyphen_show.c:609:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        { hauptdateip = strcpy(&hauptdatei[0],v_arg[3]);
data/hyphen-show-20000425/hyphen_show.c:611:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          { verdateip = strcpy(&verdatei[0],v_arg[4]);}
data/hyphen-show-20000425/hyphen_show.c:615:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      { hauptdateip = strcpy(&hauptdatei[0],v_arg[1]);
data/hyphen-show-20000425/hyphen_show.c:616:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        verdateip = strcpy(&verdatei[0],v_arg[2]);
data/hyphen-show-20000425/hyphen_show.c:625:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    { hauptdateip = strcpy(&hauptdatei[0],v_arg[1]);
data/hyphen-show-20000425/hyphen_show.c:626:36:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if (n_arg == 3) {verdateip = strcpy(&verdatei[0],v_arg[2]);};
data/hyphen-show-20000425/hyphen_show.c:648:7:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      fscanf(ver_dat,"%s", & hck[hck_p][0]);
data/hyphen-show-20000425/hyphen_show.c:656:9:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        fscanf(ver_dat,"%s", & hck[hck_p][0]);
data/hyphen-show-20000425/hyphen_show.c:53:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int open(const char *, int,...);
data/hyphen-show-20000425/hyphen_show.c:73:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int open(const char *, int);
data/hyphen-show-20000425/hyphen_show.c:134:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ static char buffer[BUFLEN_E];
data/hyphen-show-20000425/hyphen_show.c:169:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char
data/hyphen-show-20000425/hyphen_show.c:179:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tns_alt[80];
data/hyphen-show-20000425/hyphen_show.c:293:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(&s_puffer[0],"%c %d",(char) code, (int) hw);
data/hyphen-show-20000425/hyphen_show.c:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  { char * pp,tns[80];
data/hyphen-show-20000425/hyphen_show.c:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  { char ht[2] = {(char)0, (char)0};
data/hyphen-show-20000425/hyphen_show.c:630:21:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    { hauptdateip = strcat(hauptdateip,".dvi");
data/hyphen-show-20000425/hyphen_show.c:634:17:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    ausdateip = strcat(ausdateip,".hyp"); 
data/hyphen-show-20000425/hyphen_show.c:636:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    filed1=open(hauptdateip,O_RDONLY);    
data/hyphen-show-20000425/hyphen_show.c:639:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    a_file=fopen(ausdateip,"w+");    
data/hyphen-show-20000425/hyphen_show.c:644:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    { ver_dat = fopen(verdateip,"r");    
data/hyphen-show-20000425/hyphen_show.c:55:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ssize_t read(int,void *,size_t);
data/hyphen-show-20000425/hyphen_show.c:75:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int read(int,char *,unsigned);
data/hyphen-show-20000425/hyphen_show.c:139:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  {cnt=read(filed1,buffer,BUFLEN_E);
data/hyphen-show-20000425/hyphen_show.c:204:22:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
       seitep[s_p] = strncpy(&seite[s_p][0],&s_puffer[0],s_puffer_p);  
data/hyphen-show-20000425/hyphen_show.c:294:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s_puffer_p = strlen(&s_puffer[0]);
data/hyphen-show-20000425/hyphen_show.c:318:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(str);
data/hyphen-show-20000425/hyphen_show.c:327:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(str);
data/hyphen-show-20000425/hyphen_show.c:332:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&stra[0], &str[k],n-k);
data/hyphen-show-20000425/hyphen_show.c:351:18:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   return strcat(strncpy(&wortanf[0],&stra[k],n-k),&ht[0]);
data/hyphen-show-20000425/hyphen_show.c:356:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(str); 
data/hyphen-show-20000425/hyphen_show.c:364:12:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    return strncpy(&wortend[0],&str[k1],k-k1);
data/hyphen-show-20000425/hyphen_show.c:381:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    k = strlen(str); 
data/hyphen-show-20000425/hyphen_show.c:427:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(str) > 0)
data/hyphen-show-20000425/hyphen_show.c:428:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { cc = (char) str[strlen(str)-1];
data/hyphen-show-20000425/hyphen_show.c:430:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      { str[strlen(str)-1] = (char) 0;}
data/hyphen-show-20000425/hyphen_show.c:434:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (n < strlen(str))
data/hyphen-show-20000425/hyphen_show.c:442:12:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    return strncpy(&hh1[0], &str[n], strlen(&str[n]));
data/hyphen-show-20000425/hyphen_show.c:442:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strncpy(&hh1[0], &str[n], strlen(&str[n]));
data/hyphen-show-20000425/hyphen_show.c:458:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ttapl = strlen(ttap);
data/hyphen-show-20000425/hyphen_show.c:629:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(hauptdateip) <= 4) || (strstr(hauptdateip,".dvi") == 0))
data/hyphen-show-20000425/hyphen_show.c:633:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    ausdateip = strncpy(&ausdatei[0],hauptdateip, strlen(hauptdateip)-4); 
data/hyphen-show-20000425/hyphen_show.c:633:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ausdateip = strncpy(&ausdatei[0],hauptdateip, strlen(hauptdateip)-4); 

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 723 in approximately 0.05 seconds (14865 lines/second)
Physical Source Lines of Code (SLOC) = 610
Hits@level = [0]  28 [1]  22 [2]  13 [3]   0 [4]  16 [5]   0
Hits@level+ = [0+]  79 [1+]  51 [2+]  29 [3+]  16 [4+]  16 [5+]   0
Hits/KSLOC@level+ = [0+] 129.508 [1+] 83.6066 [2+] 47.541 [3+] 26.2295 [4+] 26.2295 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.