Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse.h
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.h
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_rfc822.c
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_rfc822.h
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/arginfo.h
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse.h
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.h
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_rfc822.c
Examining data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_rfc822.h

FINAL RESULTS:

data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:1161:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&buf[i], "%s%c", intbuf, id->next ? '.' : '\0');
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:437:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newstr, Z_STRVAL_PP(zheaderval));
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:439:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(newstr, header_val);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_rfc822.c:42:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define DBG_STATE(lbl) printf(lbl " %d:%c %d:%c\n", *YYCURSOR, *YYCURSOR, *start, *start)
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_rfc822.c:341:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(toks->buffer, header);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:1155:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&buf[i], "%s%c", intbuf, id->next ? '.' : '\0');
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:437:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newstr, Z_STRVAL_P(zheaderval));
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:439:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(newstr, header_val);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_rfc822.c:39:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define DBG_STATE(lbl) printf(lbl " %d:%c %d:%c\n", *YYCURSOR, *YYCURSOR, *start, *start)
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_rfc822.c:338:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(toks->buffer, header);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:474:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:575:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:687:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[128];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:1139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intbuf[16];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:1147:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(intbuf, "%d", id->id);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:438:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(newstr, ", ");
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_rfc822.c:424:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + len, tokvalue, toklen);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:472:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:575:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:685:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[128];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:1133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intbuf[16];
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:1141:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(intbuf, "%d", id->id);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:438:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(newstr, ", ");
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_rfc822.c:421:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + len, tokvalue, toklen);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:530:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(origfilename);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:612:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(origfilename);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:804:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(origfilename);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:1012:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:1148:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(intbuf);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/mailparse.c:1430:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (SUCCESS == zend_hash_find(Z_ARRVAL_P(headers), headerkey, strlen(headerkey)+1, (void**)&headerval)) {
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:208:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  charset_p = *(name+strlen(name)-1) == '*';
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:386:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (SUCCESS == zend_hash_find(Z_ARRVAL_P(attr->attributes), attrname, strlen(attrname)+1, (void**)&attrval))
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:430:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SUCCESS == zend_hash_find(Z_ARRVAL_P(part->headerhash), header_key, strlen(header_key)+1, (void**)&zheaderval)) {
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:434:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen(header_val) + Z_STRLEN_PP(zheaderval) + 3;
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:442:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(zend_hash_find(Z_ARRVAL_P(part->headerhash), header_key, strlen(header_key)+1, (void**)&zheaderval) == SUCCESS) {
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_mime.c:589:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bound_len = strlen(workpart->boundary);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_rfc822.c:59:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  YYLIMIT = YYCURSOR + strlen(YYCURSOR) + 1;
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-2.1.7-dev/php_mailparse_rfc822.c:338:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(header);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:530:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(origfilename);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:612:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(origfilename);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:802:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(origfilename);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:1012:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:1142:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(intbuf);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/mailparse.c:1417:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hash_key = zend_string_init(headerkey, strlen(headerkey), 0);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:206:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  charset_p = *(name+strlen(name)-1) == '*';
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:379:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hash_key = zend_string_init(attrname, strlen(attrname), 0);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:429:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header_zstring = zend_string_init(header_key, strlen(header_key), 0);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:434:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen(header_val) + Z_STRLEN_P(zheaderval) + 3;
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_mime.c:597:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bound_len = strlen(workpart->boundary);
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_rfc822.c:57:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  YYLIMIT = YYCURSOR + strlen(YYCURSOR) + 1;
data/php-mailparse-3.1.0+2.1.7~dev20160128/mailparse-3.1.0/php_mailparse_rfc822.c:335:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(header);

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 7210 in approximately 0.18 seconds (39721 lines/second)
Physical Source Lines of Code (SLOC) = 5172
Hits@level = [0] 14 [1] 27 [2] 16 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 67 [1+] 53 [2+] 26 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 12.9544 [1+] 10.2475 [2+] 5.02707 [3+] 1.93349 [4+] 1.93349 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.