Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libxmltok-1.2/xmltok/ascii.h
Examining data/libxmltok-1.2/xmltok/asciitab.h
Examining data/libxmltok-1.2/xmltok/dllmain.c
Examining data/libxmltok-1.2/xmltok/iasciitab.h
Examining data/libxmltok-1.2/xmltok/latin1tab.h
Examining data/libxmltok-1.2/xmltok/nametab.h
Examining data/libxmltok-1.2/xmltok/utf8tab.h
Examining data/libxmltok-1.2/xmltok/xmldef.h
Examining data/libxmltok-1.2/xmltok/xmlrole.c
Examining data/libxmltok-1.2/xmltok/xmlrole.h
Examining data/libxmltok-1.2/xmltok/xmltok.c
Examining data/libxmltok-1.2/xmltok/xmltok.h
Examining data/libxmltok-1.2/xmltok/xmltok_impl.c
Examining data/libxmltok-1.2/xmltok/xmltok_impl.h
Examining data/libxmltok-1.2/xmltok/xmltok_ns.c
Examining data/libxmltok-1.2/gennmtab/gennmtab.c
Examining data/libxmltok-1.2/xmlparse/xmlparse.c
Examining data/libxmltok-1.2/xmlparse/xmlparse.h
Examining data/libxmltok-1.2/xmlwf/codepage.c
Examining data/libxmltok-1.2/xmlwf/codepage.h
Examining data/libxmltok-1.2/xmlwf/filemap.h
Examining data/libxmltok-1.2/xmlwf/readfilemap.c
Examining data/libxmltok-1.2/xmlwf/unixfilemap.c
Examining data/libxmltok-1.2/xmlwf/win32filemap.c
Examining data/libxmltok-1.2/xmlwf/xmlfile.c
Examining data/libxmltok-1.2/xmlwf/xmlfile.h
Examining data/libxmltok-1.2/xmlwf/xmltchar.h
Examining data/libxmltok-1.2/xmlwf/xmlwf.c
Examining data/libxmltok-1.2/sample/elements.c

FINAL RESULTS:

data/libxmltok-1.2/xmlwf/xmltchar.h:6:18:  [4] (format) fwprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ftprintf fwprintf
data/libxmltok-1.2/xmlwf/xmltchar.h:11:16:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
#define tcscpy wcscpy
data/libxmltok-1.2/xmlwf/xmltchar.h:12:16:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
#define tcscat wcscat
data/libxmltok-1.2/xmlwf/xmltchar.h:22:18:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ftprintf fprintf
data/libxmltok-1.2/xmlwf/xmltchar.h:27:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define tcscpy strcpy
data/libxmltok-1.2/xmlwf/xmltchar.h:28:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
#define tcscat strcat
data/libxmltok-1.2/gennmtab/gennmtab.c:375:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char pageIndex[512];
data/libxmltok-1.2/gennmtab/gennmtab.c:420:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tab[2*65536];
data/libxmltok-1.2/gennmtab/gennmtab.c:423:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(tab + 65536, tab, 65536);
data/libxmltok-1.2/sample/elements.c:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[BUFSIZ];
data/libxmltok-1.2/xmlparse/xmlparse.c:116:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
char open;
data/libxmltok-1.2/xmlparse/xmlparse.c:922:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buffer, end, nLeftOver);
data/libxmltok-1.2/xmlparse/xmlparse.c:929:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(XML_GetBuffer(parser, len), s, len);
data/libxmltok-1.2/xmlparse/xmlparse.c:979:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(newBuf, bufferPtr, bufferEnd - bufferPtr);
data/libxmltok-1.2/xmlparse/xmlparse.c:1265:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
if (entity->open)
data/libxmltok-1.2/xmlparse/xmlparse.c:1354:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(tag->buf, tag->rawName, tag->rawNameLength);
data/libxmltok-1.2/xmlparse/xmlparse.c:1816:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(uri, binding->uri, binding->uriLen * sizeof(XML_Char));
data/libxmltok-1.2/xmlparse/xmlparse.c:1823:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(binding->uri + binding->uriLen, localPart, i * sizeof(XML_Char));
data/libxmltok-1.2/xmlparse/xmlparse.c:1859:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(b->uri, uri, len * sizeof(XML_Char));
data/libxmltok-1.2/xmlparse/xmlparse.c:2070:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char encodingBuf[128];
data/libxmltok-1.2/xmlparse/xmlparse.c:2656:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
if (entity->open)
data/libxmltok-1.2/xmlparse/xmlparse.c:2922:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
else if (entity->open) {
data/libxmltok-1.2/xmlparse/xmlparse.c:2985:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
if (entity->open) {
data/libxmltok-1.2/xmlparse/xmlparse.c:3336:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
if (!e->open)
data/libxmltok-1.2/xmlparse/xmlparse.c:3452:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&tem, p1, sizeof(DTD));
data/libxmltok-1.2/xmlparse/xmlparse.c:3453:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(p1, p2, sizeof(DTD));
data/libxmltok-1.2/xmlparse/xmlparse.c:3454:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(p2, &tem, sizeof(DTD));
data/libxmltok-1.2/xmlparse/xmlparse.c:3888:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(pool->blocks->s, pool->start, (pool->end - pool->start) * sizeof(XML_Char));
data/libxmltok-1.2/xmlparse/xmlparse.c:3919:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(tem->s, pool->start, (pool->ptr - pool->start) * sizeof(XML_Char));
data/libxmltok-1.2/xmltok/xmltok.c:123:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char type[256];
data/libxmltok-1.2/xmltok/xmltok.c:883:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[1];
data/libxmltok-1.2/xmltok/xmltok.c:917:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
char open;
data/libxmltok-1.2/xmltok/xmltok.c:976:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
if (c == open)
data/libxmltok-1.2/xmltok/xmltok.c:1176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char utf8[256][4];
data/libxmltok-1.2/xmltok/xmltok.c:1217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[XML_UTF8_ENCODE_MAX];
data/libxmltok-1.2/xmltok/xmltok.c:1275:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
((char *)mem)[i] = ((char *)&latin1_encoding)[i];
data/libxmltok-1.2/xmltok/xmltok_impl.c:572:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
int open;
data/libxmltok-1.2/xmltok/xmltok_impl.c:584:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
switch (open) {
data/libxmltok-1.2/xmltok/xmltok_impl.c:601:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
if (t == open)
data/libxmltok-1.2/xmltok/xmltok_impl.c:936:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
int PREFIX(scanLit)(int open, const ENCODING *enc,
data/libxmltok-1.2/xmltok/xmltok_impl.c:947:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
if (t != open)
data/libxmltok-1.2/xmltok/xmltok_impl.c:1489:53:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
|| BYTE_TYPE(enc, ptr + MINBPC(enc)) == open))
data/libxmltok-1.2/xmltok/xmltok_ns.c:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[ENCODING_MAX];
data/libxmltok-1.2/xmlwf/codepage.c:36:10:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (MultiByteToWideChar(cp, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/libxmltok-1.2/xmlwf/codepage.c:47:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (MultiByteToWideChar(cp, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/libxmltok-1.2/xmlwf/readfilemap.c:40:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fd = open(name, O_RDONLY|O_BINARY);
data/libxmltok-1.2/xmlwf/unixfilemap.c:29:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fd = open(name, O_RDONLY);
data/libxmltok-1.2/xmlwf/xmltchar.h:23:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
#define tfopen fopen
data/libxmltok-1.2/xmlwf/xmltchar.h:33:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
#define topen open
data/libxmltok-1.2/xmlwf/readfilemap.c:59:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120,
  CWE-20).
n = read(fd, p, nbytes);
data/libxmltok-1.2/xmlwf/xmlfile.c:153:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120,
  CWE-20).
nread = read(fd, buf, READ_SIZE);
data/libxmltok-1.2/xmlwf/xmltchar.h:15:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define tcslen wcslen
data/libxmltok-1.2/xmlwf/xmltchar.h:31:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define tcslen strlen

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 11852 in approximately 0.28 seconds (41980 lines/second)
Physical Source Lines of Code (SLOC) = 10532
Hits@level = [0]  16 [1]   4 [2]  43 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  69 [1+]  53 [2+]  49 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 6.55146 [1+] 5.03228 [2+] 4.65249 [3+] 0.569692 [4+] 0.569692 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
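The report's closing caveat ("Not every hit is necessarily a security vulnerability") is the practical point of this output. Flawfinder matches on names, not on semantics: the `open` rule fires 17 times above, but only two of those hits are calls to open(2) (readfilemap.c:40 and unixfilemap.c:29); the rest are a struct field, local or parameter that happens to be named `open` (`char open;`, `if (entity->open)`, `switch (open) {`), and one is the `#define topen open` alias. The level-4 hits are likewise all `#define` aliases in xmltchar.h, whose real risk depends on the call sites in xmlwf.c, which the report does not show. The script below is an added example, not part of Flawfinder or libxmltok: it parses Flawfinder's default text layout (hit header line, indented description, then the flagged source line, exactly as printed above) and sorts hits into real calls, macro aliases and bare identifiers, so a reviewer can start with the hits that can actually be dangerous. The embedded report is a constructed six-hit subset of the one above; its header and source lines are verbatim, the repeated `open` description is abbreviated.

```python
"""Triage helper for Flawfinder text reports (added example, not part of
Flawfinder or libxmltok). Sorts hits by whether the flagged name is really
called, only renamed by a #define, or is just an identifier sharing a name
with a dangerous function."""
import re
from dataclasses import dataclass

# Hit header line, e.g.:  data/x.c:116:8:  [2] (misc) open:
HIT_RE = re.compile(
    r"^(?P<file>\S+?):(?P<line>\d+):(?P<col>\d+):\s+"
    r"\[(?P<level>\d)\]\s+\((?P<cat>\w+)\)\s+(?P<name>\w+):\s*$"
)


@dataclass
class Hit:
    file: str
    line: int
    col: int
    level: int
    category: str
    name: str
    message: str = ""   # description, wrapped lines joined with a space
    source: str = ""    # the flagged source line as Flawfinder printed it


def parse_report(text):
    """Return the Hit records found between FINAL RESULTS: and ANALYSIS SUMMARY:."""
    hits, cur, desc, in_results = [], None, [], False
    for raw in text.splitlines():
        if raw.startswith("FINAL RESULTS:"):
            in_results = True
            continue
        if raw.startswith("ANALYSIS SUMMARY:"):
            break
        if not in_results or not raw.strip():
            continue
        m = HIT_RE.match(raw)
        if m:
            cur = Hit(m["file"], int(m["line"]), int(m["col"]),
                      int(m["level"]), m["cat"], m["name"])
            hits.append(cur)
            desc = []
        elif cur is not None and raw.startswith("  "):
            desc.append(raw.strip())            # indented description text
            cur.message = " ".join(desc)
        elif cur is not None:
            cur.source = raw.strip()            # unindented flagged source line
    return hits


def classify(hit):
    """'call' if the name is invoked, 'macro alias' for a #define that only
    renames it, otherwise 'identifier' (a field/local/parameter named open...)."""
    if hit.source.startswith("#define"):
        return "macro alias"
    if re.search(r"\b%s\s*\(" % re.escape(hit.name), hit.source):
        return "call"
    return "identifier"


def triage(hits):
    groups = {"call": [], "macro alias": [], "identifier": []}
    for h in hits:
        groups[classify(h)].append(h)
    return groups


def level_counts(hits):
    """Per-level totals, to cross-check against the report's Hits@level line."""
    counts = {}
    for h in hits:
        counts[h.level] = counts.get(h.level, 0) + 1
    return counts


def review_queue(hits, min_level=2):
    """Hits worth a human look: at or above min_level and not a bare identifier,
    highest level first (stable sort keeps report order within a level)."""
    keep = [h for h in hits if h.level >= min_level and classify(h) != "identifier"]
    return sorted(keep, key=lambda h: -h.level)


# Constructed six-hit subset of the libxmltok report; open descriptions abbreviated.
SAMPLE_REPORT = """\
Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
FINAL RESULTS:

data/libxmltok-1.2/xmlwf/xmltchar.h:27:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define tcscpy strcpy
data/libxmltok-1.2/xmlparse/xmlparse.c:116:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (...) (CWE-362).
char open;
data/libxmltok-1.2/xmlparse/xmlparse.c:1265:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (...) (CWE-362).
if (entity->open)
data/libxmltok-1.2/xmlwf/readfilemap.c:40:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (...) (CWE-362).
fd = open(name, O_RDONLY|O_BINARY);
data/libxmltok-1.2/xmlwf/xmltchar.h:33:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (...) (CWE-362).
#define topen open
data/libxmltok-1.2/xmlwf/readfilemap.c:59:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120,
  CWE-20).
n = read(fd, p, nbytes);

ANALYSIS SUMMARY:
Hits = 6
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for kind, group in triage(parsed).items():
        print(kind, [(h.file.rsplit("/", 1)[-1], h.line, h.name) for h in group])
    print("review first:", [(h.file.rsplit("/", 1)[-1], h.line) for h in review_queue(parsed)])
```

Run it against the full report (`flawfinder data/libxmltok-1.2 > report.txt`, then `parse_report(open("report.txt").read())`) and the 14 identifier-only `open` hits drop out of the review queue while the two real open(2) calls, the `read` loops and the xmltchar.h aliases stay in it. The sort is a starting point, not a verdict: a `memcpy` call is classified as "call" whether or not its length is bounded, and an alias like `tcscpy` is only as safe as every place it is expanded.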