Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tclxml-3.2.7/docObj.c
Examining data/tclxml-3.2.7/include/tcldom-libxml2/nodeObj.h
Examining data/tclxml-3.2.7/include/tcldom-libxml2/tcldom-libxml2.h
Examining data/tclxml-3.2.7/include/tcldom/tcldom.h
Examining data/tclxml-3.2.7/include/tclxml-libxml2/docObj.h
Examining data/tclxml-3.2.7/include/tclxml-libxml2/tclxml-libxml2.h
Examining data/tclxml-3.2.7/include/tclxml-libxml2/tclxml-libxml2Decls.h
Examining data/tclxml-3.2.7/include/tclxml/tclxmlDecls.h
Examining data/tclxml-3.2.7/include/tclxslt/tclxslt.h
Examining data/tclxml-3.2.7/nodeObj.c
Examining data/tclxml-3.2.7/tcldom-libxml2.c
Examining data/tclxml-3.2.7/tcldom.c
Examining data/tclxml-3.2.7/tclxml-libxml2.c
Examining data/tclxml-3.2.7/tclxml.c
Examining data/tclxml-3.2.7/tclxmlDecls.h
Examining data/tclxml-3.2.7/tclxmlStubInit.c
Examining data/tclxml-3.2.7/tclxmlStubLib.c
Examining data/tclxml-3.2.7/tclxslt-libxslt.c
Examining data/tclxml-3.2.7/win/nmakehlp.c

FINAL RESULTS:

data/tclxml-3.2.7/docObj.c:213:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(objPtr->bytes, tDocPtr->token);
data/tclxml-3.2.7/docObj.c:246:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(objPtr->bytes, tDocPtr->token);
data/tclxml-3.2.7/docObj.c:533:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(objPtr->bytes, tDocPtr->token);
data/tclxml-3.2.7/tcldom-libxml2.c:237:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/tclxml-3.2.7/tcldom-libxml2.c:238:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/tclxml-3.2.7/tcldom-libxml2.c:238:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/tclxml-3.2.7/tcldom-libxml2.c:3866:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(varname, "::dom::%s::nodelist.%d", tDocPtr->token, domDocPtr->nodeCntr++);
data/tclxml-3.2.7/tcldom-libxml2.c:3963:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(varname, "::dom::%s::att%d", tDocPtr->token, domDocPtr->nodeCntr++);
data/tclxml-3.2.7/tcldom-libxml2.c:6403:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tNodePtr->token, "::dom::%s::node%d", tDocPtr->token, domDocPtr->nodeCntr++);
data/tclxml-3.2.7/tcldom-libxml2.c:6421:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(objPtr->bytes, tNodePtr->token);
data/tclxml-3.2.7/tcldom-libxml2.c:6848:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(objPtr->bytes, tNodePtr->token);
data/tclxml-3.2.7/tcldom-libxml2.c:6969:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tNodePtr->token, "::dom::%s::event%d", tDocPtr->token, domDocPtr->nodeCntr++);
data/tclxml-3.2.7/tcldom-libxml2.c:6999:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(objPtr->bytes, tNodePtr->token);
data/tclxml-3.2.7/tclxslt-libxslt.c:368:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char *) doc->URL, (char *) origDoc->URL);
data/tclxml-3.2.7/tclxslt-libxslt.c:1024:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, msg, args);
data/tclxml-3.2.7/tclxslt-libxslt.c:1030:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(buf, 2047, msg, args);
data/tclxml-3.2.7/win/nmakehlp.c:127:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmdline, option);
data/tclxml-3.2.7/win/nmakehlp.c:222:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmdline, option);
data/tclxml-3.2.7/win/nmakehlp.c:131:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/tclxml-3.2.7/win/nmakehlp.c:131:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/tclxml-3.2.7/win/nmakehlp.c:226:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/tclxml-3.2.7/win/nmakehlp.c:226:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/tclxml-3.2.7/docObj.c:227:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tDocPtr->token, "doc%d", tsdPtr->docCntr++);
data/tclxml-3.2.7/nodeObj.c:32:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char dbgbuf[200];
data/tclxml-3.2.7/tcldom-libxml2.c:776:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/tclxml-3.2.7/tcldom-libxml2.c:2101:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prefix, "ns%d", domDocPtr->nodeCntr++);
data/tclxml-3.2.7/tcldom-libxml2.c:2141:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prefix, "ns%d", domDocPtr->nodeCntr);
data/tclxml-3.2.7/tcldom-libxml2.c:2192:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prefix, "ns%d", domDocPtr->nodeCntr++);
data/tclxml-3.2.7/tcldom-libxml2.c:2813:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  eventType = (char *) TclDOM_EventTypes[eventPtr->type];
data/tclxml-3.2.7/tcldom-libxml2.c:3644:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char varname[100];
data/tclxml-3.2.7/tcldom-libxml2.c:4878:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  value = (char *) xmlGetProp(nodePtr, (const xmlChar *) Tcl_GetStringFromObj(optobjv[0], NULL));
data/tclxml-3.2.7/tcldom-libxml2.c:4894:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  value = (char *) xmlGetNsProp(nodePtr,
data/tclxml-3.2.7/tcldom-libxml2.c:4916:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  value = (char *) xmlGetProp(nodePtr, (const xmlChar *) Tcl_GetStringFromObj(optobjv[0], NULL));
data/tclxml-3.2.7/tcldom-libxml2.c:4952:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  value = (char *) xmlGetNsProp(nodePtr,
data/tclxml-3.2.7/tcldom-libxml2.c:6766:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *id, doc[21], node[21];
data/tclxml-3.2.7/tclxml.c:897:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[20];
data/tclxml-3.2.7/tclxml.c:903:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "xmlparser%d", tsdPtr->uniqueCounter++);
data/tclxml-3.2.7/tclxml.c:1450:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  data = (char *) Tcl_GetByteArrayFromObj(objv[2], &len);
data/tclxml-3.2.7/tclxslt-libxslt.c:430:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(info->name, "style%d", tsdPtr->ssheetCntr++);
data/tclxml-3.2.7/tclxslt-libxslt.c:1017:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/tclxml-3.2.7/win/nmakehlp.c:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1000];
data/tclxml-3.2.7/win/nmakehlp.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/tclxml-3.2.7/win/nmakehlp.c:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/tclxml-3.2.7/win/nmakehlp.c:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[100];
data/tclxml-3.2.7/win/nmakehlp.c:125:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cmdline, "cl.exe -nologo -c -TC -Fdtemp ");
data/tclxml-3.2.7/win/nmakehlp.c:129:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(cmdline, " nul");
data/tclxml-3.2.7/win/nmakehlp.c:189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/tclxml-3.2.7/win/nmakehlp.c:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[100];
data/tclxml-3.2.7/win/nmakehlp.c:220:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cmdline, "link.exe -nologo ");
data/tclxml-3.2.7/docObj.c:211:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->length = strlen(tDocPtr->token);
data/tclxml-3.2.7/docObj.c:244:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->length = strlen(tDocPtr->token);
data/tclxml-3.2.7/docObj.c:531:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->length = strlen(tDocPtr->token);
data/tclxml-3.2.7/tcldom-libxml2.c:1878:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((char *) xpathObj->stringval));
data/tclxml-3.2.7/tcldom-libxml2.c:2096:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prefix, buf, bufptr - buf - 1);
data/tclxml-3.2.7/tcldom-libxml2.c:2136:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prefix, buf, bufptr - buf - 1);
data/tclxml-3.2.7/tcldom-libxml2.c:2188:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prefix, buf, bufptr - buf - 1);
data/tclxml-3.2.7/tcldom-libxml2.c:6420:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->bytes = Tcl_Alloc(strlen(tNodePtr->token) + 1);
data/tclxml-3.2.7/tcldom-libxml2.c:6422:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->length = strlen(objPtr->bytes);
data/tclxml-3.2.7/tcldom-libxml2.c:6847:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->bytes = Tcl_Alloc(strlen(tNodePtr->token) + 1);
data/tclxml-3.2.7/tcldom-libxml2.c:6849:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->length = strlen(objPtr->bytes);
data/tclxml-3.2.7/tcldom-libxml2.c:6998:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->bytes = Tcl_Alloc(strlen(tNodePtr->token) + 1);
data/tclxml-3.2.7/tcldom-libxml2.c:7000:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  objPtr->length = strlen(objPtr->bytes);
data/tclxml-3.2.7/tclxml-libxml2.c:412:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int strlen;
data/tclxml-3.2.7/tclxml-libxml2.c:418:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = Tcl_GetStringFromObj(objPtr, &strlen);
data/tclxml-3.2.7/tclxml-libxml2.c:419:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  preservens[i] = xmlCharStrndup(str, strlen);
data/tclxml-3.2.7/tclxml.c:1447:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(encoding) == 0 || strcmp(encoding, "utf-8") == 0) {
data/tclxml-3.2.7/tclxslt-libxslt.c:367:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc->URL = (const xmlChar *) Tcl_Alloc(strlen((char *) origDoc->URL) + 1);
data/tclxml-3.2.7/win/nmakehlp.c:150:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/tclxml-3.2.7/win/nmakehlp.c:245:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);

ANALYSIS SUMMARY:

Hits = 69
Lines analyzed = 18121 in approximately 0.37 seconds (48825 lines/second)
Physical Source Lines of Code (SLOC) = 12288
Hits@level = [0] 8 [1] 20 [2] 27 [3] 4 [4] 18 [5] 0
Hits@level+ = [0+] 77 [1+] 69 [2+] 49 [3+] 22 [4+] 18 [5+] 0
Hits/KSLOC@level+ = [0+] 6.26628 [1+] 5.61523 [2+] 3.98763 [3+] 1.79036 [4+] 1.46484 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.