Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcbor-0.5.0+dfsg/demo/hello_cbor.c
Examining data/libcbor-0.5.0+dfsg/examples/cjson2cbor.c
Examining data/libcbor-0.5.0+dfsg/examples/create_items.c
Examining data/libcbor-0.5.0+dfsg/examples/hello.c
Examining data/libcbor-0.5.0+dfsg/examples/readfile.c
Examining data/libcbor-0.5.0+dfsg/examples/sort.c
Examining data/libcbor-0.5.0+dfsg/examples/streaming_parser.c
Examining data/libcbor-0.5.0+dfsg/src/allocators.c
Examining data/libcbor-0.5.0+dfsg/src/cbor.c
Examining data/libcbor-0.5.0+dfsg/src/cbor.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/arrays.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/arrays.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/bytestrings.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/bytestrings.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/callbacks.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/callbacks.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/common.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/common.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/data.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/encoding.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/encoding.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/floats_ctrls.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/floats_ctrls.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/builder_callbacks.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/builder_callbacks.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/encoders.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/encoders.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/loaders.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/loaders.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/memory_utils.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/memory_utils.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/stack.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/stack.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/unicode.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/internal/unicode.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/ints.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/ints.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/maps.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/maps.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/serialization.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/serialization.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/streaming.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/streaming.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/strings.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/strings.h
Examining data/libcbor-0.5.0+dfsg/src/cbor/tags.c
Examining data/libcbor-0.5.0+dfsg/src/cbor/tags.h
Examining data/libcbor-0.5.0+dfsg/test/assertions.c
Examining data/libcbor-0.5.0+dfsg/test/assertions.h
Examining data/libcbor-0.5.0+dfsg/test/bad_inputs_test.c
Examining data/libcbor-0.5.0+dfsg/test/callbacks_test.c
Examining data/libcbor-0.5.0+dfsg/test/cbor_serialize_test.c
Examining data/libcbor-0.5.0+dfsg/test/cbor_stream_decode_test.c
Examining data/libcbor-0.5.0+dfsg/test/copy_test.c
Examining data/libcbor-0.5.0+dfsg/test/cpp_linkage_test.cpp
Examining data/libcbor-0.5.0+dfsg/test/fuzz_test.c
Examining data/libcbor-0.5.0+dfsg/test/pretty_printer_test.c
Examining data/libcbor-0.5.0+dfsg/test/stream_expectations.c
Examining data/libcbor-0.5.0+dfsg/test/stream_expectations.h
Examining data/libcbor-0.5.0+dfsg/test/type_0_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_0_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_1_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_1_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_2_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_2_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_3_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_3_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_4_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_4_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_5_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_5_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_6_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_6_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_7_encoders_test.c
Examining data/libcbor-0.5.0+dfsg/test/type_7_test.c
Examining data/libcbor-0.5.0+dfsg/test/unicode_test.c

FINAL RESULTS:

data/libcbor-0.5.0+dfsg/src/cbor/common.h:50:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, __VA_ARGS__); \
data/libcbor-0.5.0+dfsg/test/fuzz_test.c:82:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(seed);
data/libcbor-0.5.0+dfsg/examples/cjson2cbor.c:128:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(argv[1], "rb");
data/libcbor-0.5.0+dfsg/examples/readfile.c:26:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(argv[1], "rb");
data/libcbor-0.5.0+dfsg/examples/streaming_parser.c:42:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f = fopen(argv[1], "rb");
data/libcbor-0.5.0+dfsg/src/cbor/bytestrings.c:67:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(content, handle, length);
data/libcbor-0.5.0+dfsg/src/cbor/internal/builder_callbacks.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_handle, data, length);
data/libcbor-0.5.0+dfsg/src/cbor/internal/builder_callbacks.c:225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_handle, data, length);
data/libcbor-0.5.0+dfsg/src/cbor/serialization.c:117:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + written, cbor_bytestring_handle(item), length);
data/libcbor-0.5.0+dfsg/src/cbor/serialization.c:151:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + written, cbor_string_handle(item), length);
data/libcbor-0.5.0+dfsg/src/cbor/strings.c:45:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(handle, val, len);
data/libcbor-0.5.0+dfsg/src/cbor/strings.c:54:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(handle, val, length);
data/libcbor-0.5.0+dfsg/test/cbor_serialize_test.c:21:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/pretty_printer_test.c:21:19:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  FILE * outfile = tmpfile();
data/libcbor-0.5.0+dfsg/test/type_0_encoders_test.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/type_1_encoders_test.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/type_2_encoders_test.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/type_3_encoders_test.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/type_4_encoders_test.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/type_5_encoders_test.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/type_6_encoders_test.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/test/type_7_encoders_test.c:18:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[512];
data/libcbor-0.5.0+dfsg/examples/cjson2cbor.c:91:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  callbacks->string(context, (unsigned char *)source->valuestring, strlen(source->valuestring));
data/libcbor-0.5.0+dfsg/examples/cjson2cbor.c:109:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  callbacks->string(context, (unsigned char *) item->string, strlen(item->string));
data/libcbor-0.5.0+dfsg/examples/readfile.c:40:128:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  printf("There was an error while reading the input near byte %zu (read %zu bytes in total): ", result.error.position, result.read);
data/libcbor-0.5.0+dfsg/examples/streaming_parser.c:33:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (len == strlen(key)) {
data/libcbor-0.5.0+dfsg/examples/streaming_parser.c:59:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytes_read += decode_result.read;
data/libcbor-0.5.0+dfsg/src/cbor.c:67:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (source_size > result->read) { /* Check for overflows */
data/libcbor-0.5.0+dfsg/src/cbor.c:69:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  source + result->read,
data/libcbor-0.5.0+dfsg/src/cbor.c:70:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  source_size - result->read,
data/libcbor-0.5.0+dfsg/src/cbor.c:76:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  .position = result->read
data/libcbor-0.5.0+dfsg/src/cbor.c:85:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result->read += decode_result.read;
data/libcbor-0.5.0+dfsg/src/cbor.c:119:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result->error.position = result->read;
data/libcbor-0.5.0+dfsg/src/cbor/data.h:188:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read;
data/libcbor-0.5.0+dfsg/src/cbor/data.h:203:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read;
data/libcbor-0.5.0+dfsg/src/cbor/streaming.c:14:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (required > (provided - result->read)) {
data/libcbor-0.5.0+dfsg/src/cbor/strings.c:43:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(val);
data/libcbor-0.5.0+dfsg/test/assertions.c:38:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void assert_decoder_result(size_t read, enum cbor_decoder_status status, struct cbor_decoder_result result)
data/libcbor-0.5.0+dfsg/test/assertions.c:40:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  assert_true(read == result.read);
data/libcbor-0.5.0+dfsg/test/callbacks_test.c:23:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read < 79) {
data/libcbor-0.5.0+dfsg/test/callbacks_test.c:24:65:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  struct cbor_decoder_result result = cbor_stream_decode(data + read, 79 - read, &cbor_empty_callbacks, NULL);
data/libcbor-0.5.0+dfsg/test/callbacks_test.c:24:76:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  struct cbor_decoder_result result = cbor_stream_decode(data + read, 79 - read, &cbor_empty_callbacks, NULL);
data/libcbor-0.5.0+dfsg/test/callbacks_test.c:25:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read += result.read;
data/libcbor-0.5.0+dfsg/test/cbor_serialize_test.c:135:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy((char *) data, "Hello world!", 12);
data/libcbor-0.5.0+dfsg/test/cbor_serialize_test.c:148:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy((char *) data, "Hello world!", 12);
data/libcbor-0.5.0+dfsg/test/type_3_test.c:222:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert_memory_equal(cbor_string_handle(string), "Hello!", strlen("Hello!"));
data/libcbor-0.5.0+dfsg/test/type_5_test.c:105:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen("example glossary")
data/libcbor-0.5.0+dfsg/test/type_5_test.c:145:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  assert_int_equal(res.read, 13);
data/libcbor-0.5.0+dfsg/test/type_5_test.c:175:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  assert_int_equal(res.read, 14);

ANALYSIS SUMMARY:

Hits = 49
Lines analyzed = 10276 in approximately 0.36 seconds (28918 lines/second)
Physical Source Lines of Code (SLOC) = 7137
Hits@level = [0]  51 [1]  27 [2]  20 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+] 100 [1+]  49 [2+]  22 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 14.0115 [1+] 6.86563 [2+] 3.08253 [3+] 0.28023 [4+] 0.140115 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.