Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tclcl-1.20/compat/gettod.c
Examining data/tclcl-1.20/compat/win32.c
Examining data/tclcl-1.20/config.h
Examining data/tclcl-1.20/idlecallback.cc
Examining data/tclcl-1.20/idlecallback.h
Examining data/tclcl-1.20/iohandler.cc
Examining data/tclcl-1.20/iohandler.h
Examining data/tclcl-1.20/rate-variable.cc
Examining data/tclcl-1.20/rate-variable.h
Examining data/tclcl-1.20/Tcl.cc
Examining data/tclcl-1.20/Tcl2.cc
Examining data/tclcl-1.20/tcl2c++.c
Examining data/tclcl-1.20/tclAppInit.cc
Examining data/tclcl-1.20/tclcl-config.h
Examining data/tclcl-1.20/tclcl-internal.h
Examining data/tclcl-1.20/tclcl-mappings.h
Examining data/tclcl-1.20/tclcl.h
Examining data/tclcl-1.20/timer.cc
Examining data/tclcl-1.20/timer.h
Examining data/tclcl-1.20/tkAppInit.cc
Examining data/tclcl-1.20/tracedvar.cc
Examining data/tclcl-1.20/tracedvar.h

FINAL RESULTS:

data/tclcl-1.20/Tcl.cc:165:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, s);
data/tclcl-1.20/Tcl.cc:170:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, s);
data/tclcl-1.20/Tcl.cc:186:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wrk, "tkerror {%s: %s}", application_, s);
data/tclcl-1.20/Tcl.cc:225:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&bp_[1], "%s.%s", application_ + 1, name);
data/tclcl-1.20/Tcl.cc:232:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&bp_[1], "%s.%s", application_ + 1, name);
data/tclcl-1.20/Tcl.cc:239:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&bp_[1], application_ + 1);
data/tclcl-1.20/Tcl.cc:298:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name_, s);
data/tclcl-1.20/Tcl.cc:302:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name_, s);
data/tclcl-1.20/Tcl.cc:311:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cp, "%s: ", t.application());
data/tclcl-1.20/Tcl.cc:315:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cp, "\"%s\" (%s): ", class_name_, cmd);
data/tclcl-1.20/Tcl.cc:317:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cp, "%s: ", cmd);
data/tclcl-1.20/Tcl.cc:320:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cp, "no such method (%s)", argv[1]);
data/tclcl-1.20/Tcl.cc:346:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wrk, "$self instvar %s", var);
data/tclcl-1.20/Tcl.cc:443:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(fmt, ap);
data/tclcl-1.20/Tcl.cc:658:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s, name);
data/tclcl-1.20/Tcl.cc:774:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wrk, "$self init-instvar %s", var);
data/tclcl-1.20/Tcl.cc:871:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  if (-1 == snprintf(wrk, wrklen,
data/tclcl-1.20/Tcl.cc:1251:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer, "%s ", name());
data/tclcl-1.20/Tcl.cc:1254:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(&buffer[strlen(buffer)], format, ap);
data/tclcl-1.20/Tcl2.cc:49:1:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(char *buf, int size, const char *fmt, ...)
data/tclcl-1.20/Tcl2.cc:59:6:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  n = vsprintf(buf, fmt, ap);
data/tclcl-1.20/Tcl2.cc:65:6:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  n = vsprintf(buf, fmt, ap);
data/tclcl-1.20/Tcl2.cc:82:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(bp_, fmt, ap);
data/tclcl-1.20/Tcl2.cc:90:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(bp_, fmt, ap);
data/tclcl-1.20/Tcl2.cc:100:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer, fmt, ap);
data/tclcl-1.20/rate-variable.cc:110:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(res, rv->format, rate);
data/tclcl-1.20/rate-variable.cc:140:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rv->format, fmt);
data/tclcl-1.20/tclcl-internal.h:36:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int snprintf(char *buf, int size, const char *fmt, ...);
data/tclcl-1.20/Tcl.cc:322:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cp, "requires additional args");
data/tclcl-1.20/Tcl.cc:345:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrk[256];
data/tclcl-1.20/Tcl.cc:365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrk[WRK_MEDIUM_SIZE];
data/tclcl-1.20/Tcl.cc:727:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrk[WRK_SMALL_SIZE];
data/tclcl-1.20/Tcl.cc:773:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrk[256];
data/tclcl-1.20/Tcl.cc:891:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v = atoi(s);
data/tclcl-1.20/Tcl.cc:957:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrk[32];
data/tclcl-1.20/Tcl.cc:994:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrk[32];
data/tclcl-1.20/Tcl.cc:1070:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrk[WRK_MEDIUM_SIZE];
data/tclcl-1.20/Tcl.cc:1248:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024]; /* XXX: individual command should not be
data/tclcl-1.20/Tcl2.cc:96:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024]; /* XXX: individual error lines should not be
data/tclcl-1.20/rate-variable.cc:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[16];
data/tclcl-1.20/rate-variable.cc:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[128];
data/tclcl-1.20/rate-variable.cc:86:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int curval = atoi(cv);
data/tclcl-1.20/tcl2c++.c:216:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* f = fopen(filename, "r");
data/tclcl-1.20/tclcl.h:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_[4096];
data/tclcl-1.20/tclcl.h:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_[TCLCL_NAME_LEN];
data/tclcl-1.20/Tcl.cc:161:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int n = strlen(s) + 1;
data/tclcl-1.20/Tcl.cc:180:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:180:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:183:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:183:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:200:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp_ = p + strlen(p) + 1;
data/tclcl-1.20/Tcl.cc:213:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) > MAX_CODE_TO_DUMP) {
data/tclcl-1.20/Tcl.cc:296:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) >= TCLCL_NAME_LEN)
data/tclcl-1.20/Tcl.cc:301:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_ = new char[strlen(s) + 1];
data/tclcl-1.20/Tcl.cc:312:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp += strlen(cp);
data/tclcl-1.20/Tcl.cc:318:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp += strlen(cp);
data/tclcl-1.20/Tcl.cc:657:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* s = new char[strlen(name) + 1];
data/tclcl-1.20/Tcl.cc:675:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, value_, buflen);
data/tclcl-1.20/Tcl.cc:1254:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vsprintf(&buffer[strlen(buffer)], format, ap);
data/tclcl-1.20/Tcl2.cc:60:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(n) >= size)
data/tclcl-1.20/Tcl2.cc:62:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(n);
data/tclcl-1.20/tcl2c++.c:78:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/tclcl-1.20/tcl2c++.c:107:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(f)) != 'd') goto next;
data/tclcl-1.20/tcl2c++.c:108:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(f)) != 'e') goto next;
data/tclcl-1.20/tcl2c++.c:109:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(f)) != 'f') goto next;
data/tclcl-1.20/tcl2c++.c:110:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(f)) != 'i') goto next;
data/tclcl-1.20/tcl2c++.c:111:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(f)) != 'n') goto next;
data/tclcl-1.20/tcl2c++.c:112:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(f)) != 'e') goto next;
data/tclcl-1.20/tcl2c++.c:158:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/tclcl-1.20/tcl2c++.c:169:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(f)) == *cp)

ANALYSIS SUMMARY:

Hits = 70
Lines analyzed = 3900 in approximately 0.14 seconds (28083 lines/second)
Physical Source Lines of Code (SLOC) = 2438
Hits@level = [0]  27 [1]  25 [2]  17 [3]   0 [4]  28 [5]   0
Hits@level+ = [0+]  97 [1+]  70 [2+]  45 [3+]  28 [4+]  28 [5+]   0
Hits/KSLOC@level+ = [0+] 39.7867 [1+] 28.7121 [2+] 18.4578 [3+] 11.4848 [4+] 11.4848 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.