Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libmpack-1.0.5/src/conv.c Examining data/libmpack-1.0.5/src/conv.h Examining data/libmpack-1.0.5/src/core.c Examining data/libmpack-1.0.5/src/core.h Examining data/libmpack-1.0.5/src/mpack.c Examining data/libmpack-1.0.5/src/object.c Examining data/libmpack-1.0.5/src/object.h Examining data/libmpack-1.0.5/src/rpc.c Examining data/libmpack-1.0.5/src/rpc.h Examining data/libmpack-1.0.5/test/deps/tap/tap.c Examining data/libmpack-1.0.5/test/deps/tap/tap.h Examining data/libmpack-1.0.5/test/fixtures.c Examining data/libmpack-1.0.5/test/fixtures.h Examining data/libmpack-1.0.5/test/mpack.c FINAL RESULTS: data/libmpack-1.0.5/test/deps/tap/tap.c:28:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size = vsnprintf(NULL, 0, fmt, args2) + 2; data/libmpack-1.0.5/test/deps/tap/tap.c:34:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(str, fmt, args); data/libmpack-1.0.5/test/deps/tap/tap.c:261:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, args); data/libmpack-1.0.5/test/fixtures.c:58:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(b, sizeof(b), js_item_pattern, (unsigned int)i); data/libmpack-1.0.5/test/mpack.c:49:21: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bufpos += (size_t)vsnprintf(buf + bufpos, sizeof(buf) - bufpos, fmt, ap); data/libmpack-1.0.5/src/conv.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[sizeof(mpack_uint32_t)]; data/libmpack-1.0.5/src/core.c:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf, tok.data.chunk_ptr + written, count); data/libmpack-1.0.5/src/core.c:152:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf, tokbuf->pending, write_cnt); data/libmpack-1.0.5/src/core.c:254:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->pending + state->ppos, *buf, count); data/libmpack-1.0.5/src/core.c:360:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf, state->pending + state->ppos, count); data/libmpack-1.0.5/src/core.h:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pending[MPACK_MAX_TOKEN_LEN]; data/libmpack-1.0.5/src/object.c:134:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(mpack_one_parser_t) - sizeof(mpack_node_t)); data/libmpack-1.0.5/src/rpc.c:245:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(mpack_rpc_one_session_t) - data/libmpack-1.0.5/test/deps/tap/tap.c:201:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. diag(" got: 0x%02x", ((unsigned char *)got)[offset]); data/libmpack-1.0.5/test/deps/tap/tap.c:202:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. diag(" expected: 0x%02x", ((unsigned char *)expected)[offset]); data/libmpack-1.0.5/test/deps/tap/tap.c:330:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/libmpack-1.0.5/test/fixtures.c:23:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char jsbuf[0xffffff]; data/libmpack-1.0.5/test/fixtures.c:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[sizeof(js_item_pattern) + 1]; data/libmpack-1.0.5/test/fixtures.c:59:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*js + jsoff, b, sizeof(b) - 1); data/libmpack-1.0.5/test/fixtures.c:62:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*mp + mpoff, mp_item_pattern, sizeof(mp_item_pattern)); data/libmpack-1.0.5/test/fixtures.c:63:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*mp + mpoff + 2, b + 2, 5); data/libmpack-1.0.5/test/fixtures.c:102:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*mp + mpoff, mp_item_pattern, sizeof(mp_item_pattern)); data/libmpack-1.0.5/test/fixtures.c:104:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*js + jsoff, js_item_pattern, sizeof(js_item_pattern) - 1); data/libmpack-1.0.5/test/mpack.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[0xffffff]; data/libmpack-1.0.5/test/mpack.c:115:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/libmpack-1.0.5/test/mpack.c:116:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, p, l); data/libmpack-1.0.5/test/mpack.c:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char repr[32]; data/libmpack-1.0.5/test/mpack.c:344:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mpackbuf[256]; data/libmpack-1.0.5/test/mpack.c:533:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *ptr = buf; data/libmpack-1.0.5/test/fixtures.c:156:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t patlen = strlen(pattern); ANALYSIS SUMMARY: Hits = 30 Lines analyzed = 4141 in approximately 0.18 seconds (23006 lines/second) Physical Source Lines of Code (SLOC) = 3634 Hits@level = [0] 20 [1] 1 [2] 24 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 50 [1+] 30 [2+] 29 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 13.7589 [1+] 8.25537 [2+] 7.98019 [3+] 1.37589 [4+] 1.37589 [5+] 0 Symlinks skipped = 1 (--allowlink overrides but see doc for security issue) Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.