Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libx86emu-3.1/api.c
Examining data/libx86emu-3.1/decode.c
Examining data/libx86emu-3.1/demo/x86emu-demo.c
Examining data/libx86emu-3.1/include/decode.h
Examining data/libx86emu-3.1/include/mem.h
Examining data/libx86emu-3.1/include/ops.h
Examining data/libx86emu-3.1/include/prim_ops.h
Examining data/libx86emu-3.1/include/x86emu.h
Examining data/libx86emu-3.1/include/x86emu_int.h
Examining data/libx86emu-3.1/mem.c
Examining data/libx86emu-3.1/ops.c
Examining data/libx86emu-3.1/ops2.c
Examining data/libx86emu-3.1/prim_ops.c
Examining data/libx86emu-3.1/test/x86test.c

FINAL RESULTS:

data/libx86emu-3.1/api.c:344:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  size = vsnprintf(emu->log.ptr, size, format, args);
data/libx86emu-3.1/include/x86emu.h:563:81: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void x86emu_log(x86emu_t *emu, const char *format, ...) __attribute__ ((format (printf, 2, 3)));
data/libx86emu-3.1/test/x86test.c:53:63: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void lprintf(const char *format, ...) __attribute__ ((format (printf, 1, 2)));
data/libx86emu-3.1/test/x86test.c:187:20: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if(opt.log_file) vfprintf(opt.log_file, format, args);
data/libx86emu-3.1/test/x86test.c:443:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(s, suffix);
data/libx86emu-3.1/demo/x86emu-demo.c:56:14: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((i = getopt_long(argc, argv, "hm:l:s:", options, NULL)) != -1) {
data/libx86emu-3.1/test/x86test.c:102:14: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((i = getopt_long(argc, argv, "hv", options, NULL)) != -1) {
data/libx86emu-3.1/api.c:114:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_emu->log.buf, emu->log.buf, emu->log.ptr - emu->log.buf);
data/libx86emu-3.1/api.c:436:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_data[LINE_LEN * 8], str_attr[LINE_LEN * 8], fbuf[64];
data/libx86emu-3.1/api.c:437:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char def_data[LINE_LEN], def_attr[LINE_LEN];
data/libx86emu-3.1/api.c:464:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(def_data, page.data + u2, LINE_LEN);
data/libx86emu-3.1/api.c:466:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(def_attr, page.attr + u2, LINE_LEN);
data/libx86emu-3.1/api.c:607:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x800) strcat(fbuf, " of");
data/libx86emu-3.1/api.c:608:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x400) strcat(fbuf, " df");
data/libx86emu-3.1/api.c:609:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x200) strcat(fbuf, " if");
data/libx86emu-3.1/api.c:610:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x080) strcat(fbuf, " sf");
data/libx86emu-3.1/api.c:611:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x040) strcat(fbuf, " zf");
data/libx86emu-3.1/api.c:612:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x010) strcat(fbuf, " af");
data/libx86emu-3.1/api.c:613:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x004) strcat(fbuf, " pf");
data/libx86emu-3.1/api.c:614:33: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if(emu->x86.R_EFLG & 0x001) strcat(fbuf, " cf");
data/libx86emu-3.1/decode.c:133:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(emu->x86.decode_seg, "[", 1);
data/libx86emu-3.1/decode.c:140:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(emu->x86.decode_seg, "es:[", 4);
data/libx86emu-3.1/decode.c:144:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(emu->x86.decode_seg, "cs:[", 4);
data/libx86emu-3.1/decode.c:148:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(emu->x86.decode_seg, "ss:[", 4);
data/libx86emu-3.1/decode.c:152:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(emu->x86.decode_seg, "ds:[", 4);
data/libx86emu-3.1/decode.c:156:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(emu->x86.decode_seg, "fs:[", 4);
data/libx86emu-3.1/decode.c:160:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(emu->x86.decode_seg, "gs:[", 4);
data/libx86emu-3.1/decode.c:1755:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*p, emu->x86.disasm_buf, u);
data/libx86emu-3.1/decode.c:1847:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char seg_name[7] = "ecsdfg?";
data/libx86emu-3.1/demo/x86emu-demo.c:173:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!(f = fopen(file, "r"))) return 0;
data/libx86emu-3.1/include/decode.h:46:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((emu)->x86.disasm_ptr, a, sizeof a - 1), \
data/libx86emu-3.1/include/decode.h:50:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((emu)->x86.disasm_ptr, (emu)->x86.decode_seg, 4), \
data/libx86emu-3.1/include/x86emu.h:438:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char decode_seg[4];
data/libx86emu-3.1/include/x86emu.h:439:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char instr_buf[32]; /* instruction bytes */
data/libx86emu-3.1/include/x86emu.h:441:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char disasm_buf[256];
data/libx86emu-3.1/include/x86emu_int.h:97:20: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define LOG_STR(a) memcpy(*p, a, sizeof (a) - 1), *p += sizeof (a) - 1
data/libx86emu-3.1/mem.c:72:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, n);
data/libx86emu-3.1/ops2.c:321:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, sizeof(*dst));
data/libx86emu-3.1/ops2.c:334:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &tmp, sizeof(*dst));
data/libx86emu-3.1/test/x86test.c:254:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024], *s, *s1, *s2;
data/libx86emu-3.1/test/x86test.c:259:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!(f = fopen(file, "r"))) return 0;
data/libx86emu-3.1/test/x86test.c:413:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(file) opt.log_file = fopen(file, "w");
data/libx86emu-3.1/test/x86test.c:442:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, file, i - 5);
data/libx86emu-3.1/test/x86test.c:460:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f0 = fopen(build_file_name(file, ".result"), "r");
data/libx86emu-3.1/test/x86test.c:461:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1 = fopen(build_file_name(file, ".done"), "r");
data/libx86emu-3.1/test/x86test.c:502:45: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  opt.log_file = opt.show.stderr ? stderr : fopen(build_file_name(file, ".log"), "w");
data/libx86emu-3.1/demo/x86emu-demo.c:175:14: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((i = fgetc(f)) != EOF) {
data/libx86emu-3.1/test/x86test.c:438:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(file);
data/libx86emu-3.1/test/x86test.c:441:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = calloc(1, i - 5 + strlen(suffix) + 1);

ANALYSIS SUMMARY:

Hits = 49
Lines analyzed = 16291 in approximately 0.38 seconds (42334 lines/second)
Physical Source Lines of Code (SLOC) = 11541
Hits@level = [0] 7 [1] 3 [2] 39 [3] 2 [4] 5 [5] 0
Hits@level+ = [0+] 56 [1+] 49 [2+] 46 [3+] 7 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 4.85227 [1+] 4.24573 [2+] 3.98579 [3+] 0.606533 [4+] 0.433238 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.