Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libx86emu-3.1/api.c
Examining data/libx86emu-3.1/decode.c
Examining data/libx86emu-3.1/demo/x86emu-demo.c
Examining data/libx86emu-3.1/include/decode.h
Examining data/libx86emu-3.1/include/mem.h
Examining data/libx86emu-3.1/include/ops.h
Examining data/libx86emu-3.1/include/prim_ops.h
Examining data/libx86emu-3.1/include/x86emu.h
Examining data/libx86emu-3.1/include/x86emu_int.h
Examining data/libx86emu-3.1/mem.c
Examining data/libx86emu-3.1/ops.c
Examining data/libx86emu-3.1/ops2.c
Examining data/libx86emu-3.1/prim_ops.c
Examining data/libx86emu-3.1/test/x86test.c
FINAL RESULTS:
data/libx86emu-3.1/api.c:344:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size = vsnprintf(emu->log.ptr, size, format, args);
data/libx86emu-3.1/include/x86emu.h:563:81: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void x86emu_log(x86emu_t *emu, const char *format, ...) __attribute__ ((format (printf, 2, 3)));
data/libx86emu-3.1/test/x86test.c:53:63: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void lprintf(const char *format, ...) __attribute__ ((format (printf, 1, 2)));
data/libx86emu-3.1/test/x86test.c:187:20: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(opt.log_file) vfprintf(opt.log_file, format, args);
data/libx86emu-3.1/test/x86test.c:443:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, suffix);
data/libx86emu-3.1/demo/x86emu-demo.c:56:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((i = getopt_long(argc, argv, "hm:l:s:", options, NULL)) != -1) {
data/libx86emu-3.1/test/x86test.c:102:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((i = getopt_long(argc, argv, "hv", options, NULL)) != -1) {
data/libx86emu-3.1/api.c:114:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_emu->log.buf, emu->log.buf, emu->log.ptr - emu->log.buf);
data/libx86emu-3.1/api.c:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_data[LINE_LEN * 8], str_attr[LINE_LEN * 8], fbuf[64];
data/libx86emu-3.1/api.c:437:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char def_data[LINE_LEN], def_attr[LINE_LEN];
data/libx86emu-3.1/api.c:464:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(def_data, page.data + u2, LINE_LEN);
data/libx86emu-3.1/api.c:466:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(def_attr, page.attr + u2, LINE_LEN);
data/libx86emu-3.1/api.c:607:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x800) strcat(fbuf, " of");
data/libx86emu-3.1/api.c:608:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x400) strcat(fbuf, " df");
data/libx86emu-3.1/api.c:609:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x200) strcat(fbuf, " if");
data/libx86emu-3.1/api.c:610:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x080) strcat(fbuf, " sf");
data/libx86emu-3.1/api.c:611:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x040) strcat(fbuf, " zf");
data/libx86emu-3.1/api.c:612:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x010) strcat(fbuf, " af");
data/libx86emu-3.1/api.c:613:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x004) strcat(fbuf, " pf");
data/libx86emu-3.1/api.c:614:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(emu->x86.R_EFLG & 0x001) strcat(fbuf, " cf");
data/libx86emu-3.1/decode.c:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emu->x86.decode_seg, "[", 1);
data/libx86emu-3.1/decode.c:140:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emu->x86.decode_seg, "es:[", 4);
data/libx86emu-3.1/decode.c:144:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emu->x86.decode_seg, "cs:[", 4);
data/libx86emu-3.1/decode.c:148:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emu->x86.decode_seg, "ss:[", 4);
data/libx86emu-3.1/decode.c:152:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emu->x86.decode_seg, "ds:[", 4);
data/libx86emu-3.1/decode.c:156:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emu->x86.decode_seg, "fs:[", 4);
data/libx86emu-3.1/decode.c:160:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emu->x86.decode_seg, "gs:[", 4);
data/libx86emu-3.1/decode.c:1755:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*p, emu->x86.disasm_buf, u);
data/libx86emu-3.1/decode.c:1847:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char seg_name[7] = "ecsdfg?";
data/libx86emu-3.1/demo/x86emu-demo.c:173:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(f = fopen(file, "r"))) return 0;
data/libx86emu-3.1/include/decode.h:46:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((emu)->x86.disasm_ptr, a, sizeof a - 1), \
data/libx86emu-3.1/include/decode.h:50:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((emu)->x86.disasm_ptr, (emu)->x86.decode_seg, 4), \
data/libx86emu-3.1/include/x86emu.h:438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decode_seg[4];
data/libx86emu-3.1/include/x86emu.h:439:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char instr_buf[32]; /* instruction bytes */
data/libx86emu-3.1/include/x86emu.h:441:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disasm_buf[256];
data/libx86emu-3.1/include/x86emu_int.h:97:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define LOG_STR(a) memcpy(*p, a, sizeof (a) - 1), *p += sizeof (a) - 1
data/libx86emu-3.1/mem.c:72:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, n);
data/libx86emu-3.1/ops2.c:321:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(*dst));
data/libx86emu-3.1/ops2.c:334:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &tmp, sizeof(*dst));
data/libx86emu-3.1/test/x86test.c:254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], *s, *s1, *s2;
data/libx86emu-3.1/test/x86test.c:259:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(f = fopen(file, "r"))) return 0;
data/libx86emu-3.1/test/x86test.c:413:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(file) opt.log_file = fopen(file, "w");
data/libx86emu-3.1/test/x86test.c:442:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, file, i - 5);
data/libx86emu-3.1/test/x86test.c:460:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f0 = fopen(build_file_name(file, ".result"), "r");
data/libx86emu-3.1/test/x86test.c:461:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(build_file_name(file, ".done"), "r");
data/libx86emu-3.1/test/x86test.c:502:45: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
opt.log_file = opt.show.stderr ? stderr : fopen(build_file_name(file, ".log"), "w");
data/libx86emu-3.1/demo/x86emu-demo.c:175:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((i = fgetc(f)) != EOF) {
data/libx86emu-3.1/test/x86test.c:438:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(file);
data/libx86emu-3.1/test/x86test.c:441:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = calloc(1, i - 5 + strlen(suffix) + 1);
ANALYSIS SUMMARY:
Hits = 49
Lines analyzed = 16291 in approximately 0.38 seconds (42334 lines/second)
Physical Source Lines of Code (SLOC) = 11541
Hits@level = [0] 7 [1] 3 [2] 39 [3] 2 [4] 5 [5] 0
Hits@level+ = [0+] 56 [1+] 49 [2+] 46 [3+] 7 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 4.85227 [1+] 4.24573 [2+] 3.98579 [3+] 0.606533 [4+] 0.433238 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.