Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libticonv-1.1.5/src/charset.c
Examining data/libticonv-1.1.5/src/charset.h
Examining data/libticonv-1.1.5/src/export4.h
Examining data/libticonv-1.1.5/src/filename.c
Examining data/libticonv-1.1.5/src/iconv.c
Examining data/libticonv-1.1.5/src/stdints4.h
Examining data/libticonv-1.1.5/src/ticonv.c
Examining data/libticonv-1.1.5/src/ticonv.h
Examining data/libticonv-1.1.5/src/tokens.c
Examining data/libticonv-1.1.5/src/type2str.c
Examining data/libticonv-1.1.5/tests/test_ticonv.c
Examining data/libticonv-1.1.5/tests/torture_ticonv.c

FINAL RESULTS:

data/libticonv-1.1.5/src/charset.c:172:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ti, tmp);

data/libticonv-1.1.5/src/ticonv.c:201:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ti, tmp);

data/libticonv-1.1.5/src/ticonv.c:469:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst, tmp);

data/libticonv-1.1.5/src/ticonv.c:583:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst, tmp);

data/libticonv-1.1.5/src/ticonv.c:692:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst, tmp);

data/libticonv-1.1.5/src/ticonv.c:832:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst, tmp);

data/libticonv-1.1.5/src/charset.c:84:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(utf16, tmp, 2 * ticonv_utf16_strlen(tmp));

data/libticonv-1.1.5/src/filename.c:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q, str2, (iw+1) * sizeof(unsigned short));

data/libticonv-1.1.5/src/filename.c:179:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q, str2, (iw+1) * sizeof(gunichar2));

data/libticonv-1.1.5/src/filename.c:304:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q, str, strlen(str) + 1);

data/libticonv-1.1.5/src/iconv.c:96:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp+tempsize,temp2,temp2size);

data/libticonv-1.1.5/src/iconv.c:156:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[3];

data/libticonv-1.1.5/src/ticonv.c:303:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(utf16, tmp, 2*ticonv_utf16_strlen(tmp));

data/libticonv-1.1.5/tests/test_ticonv.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ti82_varname[9] = { 0 };

data/libticonv-1.1.5/tests/test_ticonv.c:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ti92_varname[9] = { 0 };

data/libticonv-1.1.5/tests/test_ticonv.c:118:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ti84p_varname[36] = { 0 };

data/libticonv-1.1.5/tests/torture_ticonv.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ti[256];

data/libticonv-1.1.5/src/filename.c:268:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = dst = g_malloc0(18*strlen(src)+1);

data/libticonv-1.1.5/src/filename.c:304:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(q, str, strlen(str) + 1);

data/libticonv-1.1.5/src/filename.c:306:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen(str);

data/libticonv-1.1.5/src/iconv.c:88:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(input,*inbuf,*inbytesleft);

data/libticonv-1.1.5/src/iconv.c:222:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1=strlen(tmp1);

data/libticonv-1.1.5/src/iconv.c:225:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2=strlen(tmp2);

data/libticonv-1.1.5/src/ticonv.c:332:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned short * utf16 = g_malloc0(4 * strlen(ti) + 2); // upper bound

data/libticonv-1.1.5/src/ticonv.c:430:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dst, tmp, maxlen - 1);

data/libticonv-1.1.5/src/ticonv.c:541:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dst, tmp, maxlen - 1);

data/libticonv-1.1.5/src/ticonv.c:653:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dst, tmp, maxlen - 1);

data/libticonv-1.1.5/src/ticonv.c:793:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dst, tmp, maxlen - 1);

data/libticonv-1.1.5/src/tokens.c:477:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dst, src, 8);

data/libticonv-1.1.5/src/tokens.c:647:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(str+1, src_, 7);

data/libticonv-1.1.5/src/tokens.c:653:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (src[0] == '[' && src[2] == ']' && strlen(src_) == 3)

data/libticonv-1.1.5/src/tokens.c:658:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'L' && (src[1] >= 128 && src[1] <= 137) && strlen(src_) == 2)

data/libticonv-1.1.5/src/tokens.c:663:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'Y' && (src[1] >= 128 && src[1] <= 137) && strlen(src_) == 2)

data/libticonv-1.1.5/src/tokens.c:668:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'X' && (src[1] >= 128 && src[1] <= 133) && strlen(src_) == 3)

data/libticonv-1.1.5/src/tokens.c:673:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'Y' && (src[1] >= 128 && src[1] <= 133) && strlen(src_) == 3)

data/libticonv-1.1.5/src/tokens.c:678:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'r' && (src[1] >= 128 && src[1] <= 133) && strlen(src_) == 2)

data/libticonv-1.1.5/src/tokens.c:683:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (model == CALC_TI73 && src[0] == 'C' && (src[1] >= 128 && src[1] <= 131) && strlen(src_) == 2)

data/libticonv-1.1.5/src/tokens.c:688:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 2 && strlen(src_) == 1)

data/libticonv-1.1.5/src/tokens.c:692:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 3 && strlen(src_) == 1)

data/libticonv-1.1.5/src/tokens.c:696:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 4 && strlen(src_) == 1)

data/libticonv-1.1.5/src/tokens.c:700:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'P' && src[1] == 'i' && src[2] == 'c' && src[3] >= '0' && src[3] <= '9' && strlen(src_) == 4)

data/libticonv-1.1.5/src/tokens.c:705:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'G' && src[1] == 'D' && src[2] == 'B' && src[3] >= '0' && src[3] <= '9' && strlen(src_) == 4)

data/libticonv-1.1.5/src/tokens.c:710:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (src[0] == 'S' && src[1] == 't' && src[2] == 'r' && src[3] >= '0' && src[3] <= '9' && strlen(src_) == 4)

data/libticonv-1.1.5/tests/test_ticonv.c:138:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("UTF-8 varname: <%s> (%i)\n", ti82_varname, (int)strlen(ti82_varname));

data/libticonv-1.1.5/tests/test_ticonv.c:142:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("UTF-8 varname: <%s> (%i)\n", ti92_varname, (int)strlen(ti92_varname));

data/libticonv-1.1.5/tests/test_ticonv.c:146:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("UTF-8 varname: <%s> (%i)\n", ti84p_varname, (int)strlen(ti84p_varname));

data/libticonv-1.1.5/tests/test_ticonv.c:151:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("raw varname: <%s> (%i)\n", ti92_varname, (int)strlen(ti92_varname));

data/libticonv-1.1.5/tests/test_ticonv.c:156:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("raw varname: <%s> (%i)\n", ti82_varname, (int)strlen(ti82_varname));

data/libticonv-1.1.5/tests/test_ticonv.c:161:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("raw varname: <%s> (%i)\n", ti84p_varname, (int)strlen(ti84p_varname));

data/libticonv-1.1.5/tests/test_ticonv.c:167:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("raw varname: <%s> (%i)\n", ti84p_varname, (int)strlen(ti84p_varname));

ANALYSIS SUMMARY:

Hits = 50
Lines analyzed = 4510 in approximately 0.14 seconds (33075 lines/second)
Physical Source Lines of Code (SLOC) = 3033
Hits@level = [0] 21 [1] 33 [2] 11 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 71 [1+] 50 [2+] 17 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 23.4092 [1+] 16.4853 [2+] 5.60501 [3+] 1.97824 [4+] 1.97824 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.