Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pd-markex-0.85/reson~.c
Examining data/pd-markex-0.85/alternate.c
Examining data/pd-markex-0.85/counter.c
Examining data/pd-markex-0.85/vector-.c
Examining data/pd-markex-0.85/oneshot.c
Examining data/pd-markex-0.85/tripleLine.c
Examining data/pd-markex-0.85/vector0x2a.c
Examining data/pd-markex-0.85/vectorabs.c
Examining data/pd-markex-0.85/average.c
Examining data/pd-markex-0.85/abs~.c
Examining data/pd-markex-0.85/invert.c
Examining data/pd-markex-0.85/vector+.c
Examining data/pd-markex-0.85/rgb2hsv.c
Examining data/pd-markex-0.85/vectorpack.c
Examining data/pd-markex-0.85/markex.c
Examining data/pd-markex-0.85/multiselect.c
Examining data/pd-markex-0.85/strcat.c
Examining data/pd-markex-0.85/tripleRand.c
Examining data/pd-markex-0.85/randomF.c
Examining data/pd-markex-0.85/hsv2rgb.c
Examining data/pd-markex-0.85/vector0x2f.c
FINAL RESULTS:
data/pd-markex-0.85/strcat.c:27:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "%s%s", x->a_text->s_name, sym->s_name);
data/pd-markex-0.85/strcat.c:35:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "%s%f", x->a_text->s_name, n);
data/pd-markex-0.85/randomF.c:15:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random(void)
data/pd-markex-0.85/randomF.c:48:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double n = (double)range * (double)random() * (1. / 2147483648.);
data/pd-markex-0.85/tripleRand.c:15:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random(void)
data/pd-markex-0.85/tripleRand.c:69:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
float n = (float)((double)x->x_range[i] * (double)random() * (1. / 2147483648.));
data/pd-markex-0.85/strcat.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/pd-markex-0.85/strcat.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
ANALYSIS SUMMARY:
Hits = 8
Lines analyzed = 1891 in approximately 0.05 seconds (36625 lines/second)
Physical Source Lines of Code (SLOC) = 1438
Hits@level = [0] 0 [1] 0 [2] 2 [3] 4 [4] 2 [5] 0
Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 6 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 5.56328 [1+] 5.56328 [2+] 5.56328 [3+] 4.17246 [4+] 1.39082 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.