Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sketch-0.3.7/bsp.c
Examining data/sketch-0.3.7/bsp.h
Examining data/sketch-0.3.7/cmdline.c
Examining data/sketch-0.3.7/cmdline.h
Examining data/sketch-0.3.7/dynarray.h
Examining data/sketch-0.3.7/emit.c
Examining data/sketch-0.3.7/emit.h
Examining data/sketch-0.3.7/error.c
Examining data/sketch-0.3.7/error.h
Examining data/sketch-0.3.7/expr.c
Examining data/sketch-0.3.7/expr.h
Examining data/sketch-0.3.7/geometry.c
Examining data/sketch-0.3.7/geometry.h
Examining data/sketch-0.3.7/geomio.c
Examining data/sketch-0.3.7/geomio.h
Examining data/sketch-0.3.7/global.c
Examining data/sketch-0.3.7/global.h
Examining data/sketch-0.3.7/langver.c
Examining data/sketch-0.3.7/langver.h
Examining data/sketch-0.3.7/lex.yy.c
Examining data/sketch-0.3.7/main.c
Examining data/sketch-0.3.7/main.h
Examining data/sketch-0.3.7/memutil.c
Examining data/sketch-0.3.7/memutil.h
Examining data/sketch-0.3.7/opts.c
Examining data/sketch-0.3.7/opts.h
Examining data/sketch-0.3.7/parse.h
Examining data/sketch-0.3.7/resource.h
Examining data/sketch-0.3.7/scene.c
Examining data/sketch-0.3.7/scene.h
Examining data/sketch-0.3.7/symbol.c
Examining data/sketch-0.3.7/symbol.h
Examining data/sketch-0.3.7/version.h
Examining data/sketch-0.3.7/y.tab.c
Examining data/sketch-0.3.7/y.tab.h
FINAL RESULTS:
data/sketch-0.3.7/emit.c:41:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, fmt, f);
data/sketch-0.3.7/emit.c:329:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, " circle (%s)", dotsize);
data/sketch-0.3.7/error.c:54:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, arg_list);
data/sketch-0.3.7/expr.c:44:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, F, val->val.flt);
data/sketch-0.3.7/expr.c:86:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, "%s" F, (j == 0) ? "" : ",", xf[i + j]);
data/sketch-0.3.7/geometry.c:1269:12: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (scanf("%d %s", &i, buf) == 2) {
data/sketch-0.3.7/lex.yy.c:1426:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(yytext, FLOAT_SCAN_FMT, &yylval.flt) != 1) {
data/sketch-0.3.7/memutil.c:50:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_str, str);
data/sketch-0.3.7/y.tab.c:967:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/sketch-0.3.7/y.tab.c:1680:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy((yyval.name), new_symbol(sym_tab, (yyvsp[-2].name), (yyvsp[-1].name), (yyvsp[0].obj), line) ? "" : (yyvsp[-2].name)); }
data/sketch-0.3.7/y.tab.c:1685:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy((yyval.name), new_symbol(sym_tab, (yyvsp[-2].name), (yyvsp[-1].name), (yyvsp[0].obj), line) ? "" : (yyvsp[-2].name)); }
data/sketch-0.3.7/dynarray.h:225:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->ELTS, src->ELTS, src->current_size * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:232:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->ELTS, src->ELTS, src->N_ELTS * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->ELTS, src->ELTS, src->current_size * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:352:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->ELTS, src->ELTS, src->N_ELTS * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:361:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->ELTS[j], src->ELTS[i], sizeof dst->ELTS[0]); \
data/sketch-0.3.7/emit.c:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tic, buf1[16], buf2[16], buf3[16];
data/sketch-0.3.7/emit.c:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[16], buf2[16];
data/sketch-0.3.7/emit.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[16], buf2[16];
data/sketch-0.3.7/emit.c:552:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file_name, "r");
data/sketch-0.3.7/emit.c:565:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:607:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:652:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:688:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:779:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/geometry.c:1259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/sketch-0.3.7/langver.c:64:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v->key[M - i], v->str, i); // save major in key
data/sketch-0.3.7/langver.c:88:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v->key[M], &v->str[i_minor], i - i_minor); // save minor in key
data/sketch-0.3.7/langver.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v->key[M], &v->str[i_minor], i - i_minor);
data/sketch-0.3.7/langver.h:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_PST_VERSION_STRING_SIZE];
data/sketch-0.3.7/langver.h:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAX_PST_VERSION_STRING_SIZE * 2];
data/sketch-0.3.7/lex.yy.c:1491:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sketch-0.3.7/lex.yy.c:1510:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(buf, "r");
data/sketch-0.3.7/main.c:55:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file = fopen(wrap_env->out_file_name, "w");
data/sketch-0.3.7/main.c:110:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(file_name, "r");
data/sketch-0.3.7/opts.c:53:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &src[beg], len);
data/sketch-0.3.7/opts.c:470:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/sketch-0.3.7/symbol.h:27:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char SYMBOL_NAME[32];
data/sketch-0.3.7/y.tab.c:2254:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/sketch-0.3.7/y.tab.c:2271:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/sketch-0.3.7/emit.c:44:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(buf); i > 0 && buf[i - 1] == '0'; i--)
data/sketch-0.3.7/emit.c:60:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "0");
data/sketch-0.3.7/emit.c:328:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = safe_malloc(strlen(dotsize) + 100);
data/sketch-0.3.7/langver.c:47:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > sizeof v->str - 1) {
data/sketch-0.3.7/lex.yy.c:879:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/sketch-0.3.7/lex.yy.c:1503:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(buf);
data/sketch-0.3.7/memutil.c:49:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_str = safe_malloc(strlen(str) + 1);
data/sketch-0.3.7/opts.c:38:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/sketch-0.3.7/symbol.c:365:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sym->name, name, sizeof sym->name);
data/sketch-0.3.7/symbol.c:368:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > sizeof sym->name - 1)
data/sketch-0.3.7/symbol.c:372:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sym->tag, tag, sizeof sym->tag);
data/sketch-0.3.7/y.tab.c:1077:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
ANALYSIS SUMMARY:
Hits = 52
Lines analyzed = 14241 in approximately 0.39 seconds (36672 lines/second)
Physical Source Lines of Code (SLOC) = 10689
Hits@level = [0] 137 [1] 12 [2] 29 [3] 0 [4] 11 [5] 0
Hits@level+ = [0+] 189 [1+] 52 [2+] 40 [3+] 11 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 17.6817 [1+] 4.86481 [2+] 3.74216 [3+] 1.0291 [4+] 1.0291 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.