Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mate-calc-1.24.1/src/currency-manager.c
Examining data/mate-calc-1.24.1/src/currency-manager.h
Examining data/mate-calc-1.24.1/src/currency.c
Examining data/mate-calc-1.24.1/src/currency.h
Examining data/mate-calc-1.24.1/src/financial.c
Examining data/mate-calc-1.24.1/src/financial.h
Examining data/mate-calc-1.24.1/src/lexer.c
Examining data/mate-calc-1.24.1/src/lexer.h
Examining data/mate-calc-1.24.1/src/mate-calc-cmd.c
Examining data/mate-calc-1.24.1/src/mate-calc.c
Examining data/mate-calc-1.24.1/src/math-buttons.c
Examining data/mate-calc-1.24.1/src/math-buttons.h
Examining data/mate-calc-1.24.1/src/math-converter.c
Examining data/mate-calc-1.24.1/src/math-converter.h
Examining data/mate-calc-1.24.1/src/math-display.c
Examining data/mate-calc-1.24.1/src/math-display.h
Examining data/mate-calc-1.24.1/src/math-equation.c
Examining data/mate-calc-1.24.1/src/math-equation.h
Examining data/mate-calc-1.24.1/src/math-preferences.c
Examining data/mate-calc-1.24.1/src/math-preferences.h
Examining data/mate-calc-1.24.1/src/math-variable-popup.c
Examining data/mate-calc-1.24.1/src/math-variable-popup.h
Examining data/mate-calc-1.24.1/src/math-variables.c
Examining data/mate-calc-1.24.1/src/math-variables.h
Examining data/mate-calc-1.24.1/src/math-window.c
Examining data/mate-calc-1.24.1/src/math-window.h
Examining data/mate-calc-1.24.1/src/mp-binary.c
Examining data/mate-calc-1.24.1/src/mp-convert.c
Examining data/mate-calc-1.24.1/src/mp-equation-private.h
Examining data/mate-calc-1.24.1/src/mp-equation.c
Examining data/mate-calc-1.24.1/src/mp-equation.h
Examining data/mate-calc-1.24.1/src/mp-private.h
Examining data/mate-calc-1.24.1/src/mp-serializer.c
Examining data/mate-calc-1.24.1/src/mp-serializer.h
Examining data/mate-calc-1.24.1/src/mp-trigonometric.c
Examining data/mate-calc-1.24.1/src/mp.c
Examining data/mate-calc-1.24.1/src/mp.h
Examining data/mate-calc-1.24.1/src/parser.c
Examining data/mate-calc-1.24.1/src/parser.h
Examining data/mate-calc-1.24.1/src/parserfunc.c
Examining data/mate-calc-1.24.1/src/parserfunc.h
Examining data/mate-calc-1.24.1/src/prelexer.c
Examining data/mate-calc-1.24.1/src/prelexer.h
Examining data/mate-calc-1.24.1/src/test-mp-equation.c
Examining data/mate-calc-1.24.1/src/test-mp.c
Examining data/mate-calc-1.24.1/src/unit-category.c
Examining data/mate-calc-1.24.1/src/unit-category.h
Examining data/mate-calc-1.24.1/src/unit-manager.c
Examining data/mate-calc-1.24.1/src/unit-manager.h
Examining data/mate-calc-1.24.1/src/unit.c
Examining data/mate-calc-1.24.1/src/unit.h
Examining data/mate-calc-1.24.1/src/unittest.c
Examining data/mate-calc-1.24.1/src/unittest.h
Examining data/mate-calc-1.24.1/src/utility.h

FINAL RESULTS:

data/mate-calc-1.24.1/src/mate-calc.c:77:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/mate-calc-1.24.1/src/mate-calc.c:85:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/mate-calc-1.24.1/src/mate-calc.c:96:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/mate-calc-1.24.1/src/mate-calc.c:110:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/mate-calc-1.24.1/src/mate-calc.c:158:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/mate-calc-1.24.1/src/mate-calc.c:169:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/mate-calc-1.24.1/src/mp-convert.c:593:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  n_matched = sscanf(str, "%d°%d'%s\"", &degrees, &minutes, seconds);
data/mate-calc-1.24.1/src/mp-private.h:33:59:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void mperr(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/mate-calc-1.24.1/src/mp.c:37:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(text, 1024, format, args);
data/mate-calc-1.24.1/src/parserfunc.c:370:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(inv_name, self->token->string);
data/mate-calc-1.24.1/src/test-mp-equation.c:33:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void pass(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/mate-calc-1.24.1/src/test-mp-equation.c:34:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void fail(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/mate-calc-1.24.1/src/test-mp-equation.c:56:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/mate-calc-1.24.1/src/test-mp.c:28:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void pass(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/mate-calc-1.24.1/src/test-mp.c:29:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void fail(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/mate-calc-1.24.1/src/test-mp.c:51:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/mate-calc-1.24.1/src/unittest.c:36:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void pass(const char* format, ...) __attribute__((format(printf, 1, 2)));
data/mate-calc-1.24.1/src/unittest.c:37:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void fail(const char* format, ...) __attribute__((format(printf, 1, 2)));
data/mate-calc-1.24.1/src/unittest.c:45:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/mate-calc-1.24.1/src/unittest.c:56:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/mate-calc-1.24.1/src/mp-convert.c:282:24:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  mp_set_from_double(drand48(), z);
data/mate-calc-1.24.1/src/math-variables.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/mate-calc-1.24.1/src/math-variables.c:41:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(variables->priv->file_name, "r");
data/mate-calc-1.24.1/src/math-variables.c:83:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(variables->priv->file_name, "w");
data/mate-calc-1.24.1/src/mp-binary.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *text1, *text2, text_out[MAX_DIGITS], text_out2[MAX_DIGITS];
data/mate-calc-1.24.1/src/mp-convert.c:26:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z, x, sizeof(MPNumber));
data/mate-calc-1.24.1/src/mp-convert.c:270:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z->im_fraction, y->fraction, sizeof(int) * MP_SIZE);
data/mate-calc-1.24.1/src/mp-convert.c:275:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z->fraction, x->fraction, sizeof(int) * MP_SIZE);
data/mate-calc-1.24.1/src/mp-convert.c:588:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seconds[length+1];
data/mate-calc-1.24.1/src/mp-equation.c:128:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *digits[11] = {"⁰", "¹", "²", "³", "⁴", "⁵", "⁶", "⁷", "⁸", "⁹", NULL};
data/mate-calc-1.24.1/src/mp.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[1024];
data/mate-calc-1.24.1/src/mp.c:213:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z->fraction, x->im_fraction, sizeof(int) * MP_SIZE);
data/mate-calc-1.24.1/src/parserfunc.c:371:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(inv_name, "⁻¹");
data/mate-calc-1.24.1/src/test-mp-equation.c:66:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char error_string[1024];
data/mate-calc-1.24.1/src/unittest.c:65:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char error_string[1024];
data/mate-calc-1.24.1/src/unittest.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_str[1024] = "";
data/mate-calc-1.24.1/src/lexer.c:44:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(strlen (text) > 0)
data/mate-calc-1.24.1/src/mate-calc-cmd.c:58:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str[strlen(str)-1] = '\0'; /* Remove newline at end of string. */
data/mate-calc-1.24.1/src/mate-calc-cmd.c:89:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (line == NULL || strcmp(equation, "exit") == 0 || strcmp(equation, "quit") == 0 || strlen(equation) == 0)
data/mate-calc-1.24.1/src/math-equation.c:828:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  eq_text = g_string_sized_new(strlen(text));
data/mate-calc-1.24.1/src/mp-binary.c:57:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  offset1 = strlen(text1) - 1;
data/mate-calc-1.24.1/src/mp-binary.c:58:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  offset2 = strlen(text2) - 1;
data/mate-calc-1.24.1/src/mp-convert.c:551:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(*c, digits[i][j], strlen(digits[i][j])) == 0)
data/mate-calc-1.24.1/src/mp-convert.c:560:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  offset = strlen(digits[i][j]);
data/mate-calc-1.24.1/src/mp-convert.c:574:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t word_len = strlen(word);
data/mate-calc-1.24.1/src/mp-convert.c:626:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return set_from_sexagesimal(str, strlen(str), z);
data/mate-calc-1.24.1/src/mp-convert.c:637:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end -= strlen(base_digits[i]);
data/mate-calc-1.24.1/src/mp-convert.c:655:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strncmp(c, "−", strlen("−")) == 0) {
data/mate-calc-1.24.1/src/mp-convert.c:657:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c += strlen("−");
data/mate-calc-1.24.1/src/mp-convert.c:672:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end -= strlen(fractions[i]);
data/mate-calc-1.24.1/src/mp-equation.c:114:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; digits[i] != NULL && strncmp(data, digits[i], strlen(digits[i])) != 0; i++);
data/mate-calc-1.24.1/src/mp-equation.c:117:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data += strlen(digits[i]);
data/mate-calc-1.24.1/src/mp-equation.c:130:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(data, "⁻", strlen("⁻")) == 0) {
data/mate-calc-1.24.1/src/mp-equation.c:132:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data += strlen("⁻");
data/mate-calc-1.24.1/src/mp-equation.c:136:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; digits[i] != NULL && strncmp(data, digits[i], strlen(digits[i])) != 0; i++);
data/mate-calc-1.24.1/src/mp-equation.c:140:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data += strlen(digits[i]);
data/mate-calc-1.24.1/src/mp-equation.c:297:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(expression && result) || strlen(expression) == 0)
data/mate-calc-1.24.1/src/parser.c:344:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = (gchar*) malloc(sizeof(gchar) * strlen(name));
data/mate-calc-1.24.1/src/parserfunc.c:195:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = (gchar*) malloc(sizeof(gchar) * strlen(self->token->string));
data/mate-calc-1.24.1/src/parserfunc.c:257:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = (gchar*) malloc(sizeof(gchar) * strlen(self->token->string));
data/mate-calc-1.24.1/src/parserfunc.c:369:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inv_name = (gchar*) malloc(sizeof(gchar) * strlen(self->token->string) + strlen("⁻¹") + 1);
data/mate-calc-1.24.1/src/parserfunc.c:369:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inv_name = (gchar*) malloc(sizeof(gchar) * strlen(self->token->string) + strlen("⁻¹") + 1);
data/mate-calc-1.24.1/src/prelexer.c:18:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  state->length = strlen(state->stream); /* Can't find a GLib replacement of strlen. The mailing list discussion says, it is not implemented because strlen is perfectly capable. :) */

ANALYSIS SUMMARY:

Hits = 63
Lines analyzed = 18768 in approximately 0.47 seconds (39937 lines/second)
Physical Source Lines of Code (SLOC) = 13975
Hits@level = [0]  47 [1]  27 [2]  15 [3]   1 [4]  20 [5]   0
Hits@level+ = [0+] 110 [1+]  63 [2+]  36 [3+]  21 [4+]  20 [5+]   0
Hits/KSLOC@level+ = [0+] 7.8712 [1+] 4.50805 [2+] 2.57603 [3+] 1.50268 [4+] 1.43113 [5+]   0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.