Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mysqltcl-3.052/generic/mysqltcl.c

FINAL RESULTS:

data/mysqltcl-3.052/generic/mysqltcl.c:201:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(objPtr->bytes,state->MysqlNullvalue);
data/mysqltcl-3.052/generic/mysqltcl.c:228:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  len=sprintf(buffer, "%s%d", (handle->type==HT_QUERY) ? "query" : MysqlHandlePrefix,handle->number);
data/mysqltcl-3.052/generic/mysqltcl.c:230:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(objPtr->bytes, buffer);
data/mysqltcl-3.052/generic/mysqltcl.c:983:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(handle->database, db);
data/mysqltcl-3.052/generic/mysqltcl.c:2025:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(handle->database, database);
data/mysqltcl-3.052/generic/mysqltcl.c:2738:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (statePtr->MysqlNullvalue, MYSQL_NULLV_INIT);
data/mysqltcl-3.052/generic/mysqltcl.c:2739:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (nbuf, "%s(%s)", MYSQL_STATUS_ARR, MYSQL_STATUS_NULLV);
data/mysqltcl-3.052/generic/mysqltcl.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char database[MYSQL_NAME_LEN]; /* Db name, if selected; NULL otherwise. */
data/mysqltcl-3.052/generic/mysqltcl.c:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MYSQL_HPREFIX_LEN+TCL_DOUBLE_SPACE+1];
data/mysqltcl-3.052/generic/mysqltcl.c:481:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(qhandle,handle,sizeof(MysqlTclHandle));
data/mysqltcl-3.052/generic/mysqltcl.c:2478:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  query = (char *)Tcl_GetByteArrayFromObj(objv[2], &queryLen);
data/mysqltcl-3.052/generic/mysqltcl.c:2648:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nbuf[MYSQL_SMALL_SIZE];
data/mysqltcl-3.052/generic/mysqltcl.c:199:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  valueLen = strlen(state->MysqlNullvalue);
data/mysqltcl-3.052/generic/mysqltcl.c:933:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(handle->database, db, MYSQL_NAME_LEN) ;
data/mysqltcl-3.052/generic/mysqltcl.c:2755:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(MysqlHandlePrefix) == MYSQL_HPREFIX_LEN)

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 2771 in approximately 0.08 seconds (34107 lines/second)
Physical Source Lines of Code (SLOC) = 1917
Hits@level = [0]   2 [1]   3 [2]   5 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+]  17 [1+]  15 [2+]  12 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 8.86802 [1+] 7.82473 [2+] 6.25978 [3+] 3.65154 [4+] 3.65154 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
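The report above flags two distinct copy patterns into the fixed-size `handle->database[MYSQL_NAME_LEN]` array: unbounded `strcpy` (lines 983 and 2025) and `strncpy` with the full buffer size (line 933), which flawfinder notes "doesn't always \0-terminate". The following is an added illustration, not code from mysqltcl, of why the `strncpy` warning is more than pedantry and of a bounded copy that always terminates and reports truncation instead of clipping silently. `NAME_LEN` is a hypothetical stand-in for `MYSQL_NAME_LEN`, and `copy_name` is an illustrative helper, not a function in the project.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for MYSQL_NAME_LEN; kept small so the edge case is visible. */
#define NAME_LEN 8

/*
 * Reproduces the hazard flawfinder reports at mysqltcl.c:933. strncpy(dst, src, sizeof dst)
 * writes a terminating NUL only if src is shorter than sizeof dst; when src has
 * NAME_LEN or more characters every byte of dst is filled and no NUL is written.
 * Returns 1 if the copied buffer is NUL-terminated, 0 if it is not.
 */
int strncpy_terminates(const char *src)
{
    char dst[NAME_LEN];
    memset(dst, 'X', sizeof dst);           /* poison so an unterminated copy is visible */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Length of s, never reading past max bytes (avoids the CWE-126 over-read flagged at 199/2755). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/*
 * Bounded copy that always NUL-terminates and refuses oversized input.
 * Returns 0 on success, -1 if src does not fit; on failure dst is left empty so a
 * caller cannot accidentally use a half-copied database name.
 */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dstsz == 0)
        return -1;
    n = bounded_len(src, dstsz);
    if (n == dstsz) {                       /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/*
 * Exercises copy_name into a NAME_LEN buffer. Returns copy_name's result, or
 * -2 if a successful copy does not match src, -3 if a refused copy left dst non-empty.
 */
int copy_into_name(const char *src)
{
    char db[NAME_LEN];
    int rc = copy_name(db, sizeof db, src);
    if (rc == 0 && strcmp(db, src) != 0)
        return -2;
    if (rc != 0 && db[0] != '\0')
        return -3;
    return rc;
}

int main(void)
{
    const char *inputs[] = { "mysql", "sevench", "eightchr", "verylongname" };
    size_t i;
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-14s strncpy terminated=%d  copy_name rc=%d\n",
               inputs[i], strncpy_terminates(inputs[i]), copy_into_name(inputs[i]));
    }
    return 0;
}
```

With an 8-byte destination, a 7-character name is the longest `strncpy` will terminate; at 8 characters the buffer is full and any later `strlen` on it (as at line 199) reads past its end. `copy_name` treats that same boundary as an error rather than a silent truncation, which is the behaviour a caller storing a database name actually wants.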