Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tk707-0.8/texi2help.c
Examining data/tk707-0.8/tcl2c.c
Examining data/tk707-0.8/util707.c
Examining data/tk707-0.8/util707.h
Examining data/tk707-0.8/element707.c
Examining data/tk707-0.8/play.c
Examining data/tk707-0.8/title_defs.c
Examining data/tk707-0.8/score_defs.c
Examining data/tk707-0.8/defsa.c
Examining data/tk707-0.8/ports.c
Examining data/tk707-0.8/title.c
Examining data/tk707-0.8/score.c
Examining data/tk707-0.8/gui.c
Examining data/tk707-0.8/procs.c
Examining data/tk707-0.8/help.c
Examining data/tk707-0.8/tk707.c
Examining data/tk707-0.8/nix_bit.h
Examining data/tk707-0.8/playa.c
Examining data/tk707-0.8/defs.c
Examining data/tk707-0.8/tk707AppInit.c

FINAL RESULTS:

data/tk707-0.8/util707.c:164:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%3d:%-3d %-30.30s %s\n",
data/tk707-0.8/util707.c:247:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%3d:%-3d %-30.30s %s\n", pinfo.client, pinfo.port, cinfo.name, pinfo.name);
data/tk707-0.8/play.c:180:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ( (c=getopt(argc, argv, "hp:l")) > 0 )
data/tk707-0.8/playa.c:180:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ( (c=getopt(argc, argv, "hp:l")) > 0 )
data/tk707-0.8/play.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[10];
data/tk707-0.8/play.c:565:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char index[8];
data/tk707-0.8/play.c:569:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(index, "%d,note", i);
data/tk707-0.8/play.c:570:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tk707->sounds[i-1] = atoi(Tcl_GetVar2(interp, "sound", index,
data/tk707-0.8/playa.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[10];
data/tk707-0.8/playa.c:565:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char index[8];
data/tk707-0.8/playa.c:569:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(index, "%d,note", i);
data/tk707-0.8/playa.c:570:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tk707->sounds[i-1] = atoi(Tcl_GetVar2(interp, "sound", index,
data/tk707-0.8/util707.c:87:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  a[count++] = atoi(cp);
data/tk707-0.8/util707.c:122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/tk707-0.8/util707.c:191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/tk707-0.8/play.c:216:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("tkxox", strlen("tkxox")),
data/tk707-0.8/play.c:217:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("ALSA_OUTPORT", strlen("ALSA_OUTPORT")),
data/tk707-0.8/play.c:228:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  descObj = Tcl_NewStringObj(portdesc, strlen(portdesc));
data/tk707-0.8/play.c:230:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("tkxox", strlen("tkxox")),
data/tk707-0.8/play.c:231:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("ALSA_OUTPORT", strlen("ALSA_OUTPORT")),
data/tk707-0.8/play.c:453:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_SetObjResult(interp, Tcl_NewStringObj(commentval, strlen(commentval)));
data/tk707-0.8/play.c:464:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_SetObjResult(interp, Tcl_NewStringObj(commentval, strlen(commentval)));
data/tk707-0.8/play.c:533:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_ListObjAppendElement(interp, prop_list, Tcl_NewStringObj(comment,strlen(comment)));
data/tk707-0.8/play.c:1080:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("tkxox", strlen("tkxox")),
data/tk707-0.8/play.c:1081:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("ALSA_OUTPORT", strlen("ALSA_OUTPORT")),
data/tk707-0.8/play.c:1154:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(name, strlen(name)));
data/tk707-0.8/play.c:1157:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(name, strlen(name)));
data/tk707-0.8/play.c:1217:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(pinfo.name, strlen(pinfo.name)));
data/tk707-0.8/play.c:1219:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(cinfo.name, strlen(cinfo.name)));
data/tk707-0.8/playa.c:216:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("tkxox", strlen("tkxox")),
data/tk707-0.8/playa.c:217:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("ALSA_OUTPORT", strlen("ALSA_OUTPORT")),
data/tk707-0.8/playa.c:228:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  descObj = Tcl_NewStringObj(portdesc, strlen(portdesc));
data/tk707-0.8/playa.c:230:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("tkxox", strlen("tkxox")),
data/tk707-0.8/playa.c:231:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("ALSA_OUTPORT", strlen("ALSA_OUTPORT")),
data/tk707-0.8/playa.c:453:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_SetObjResult(interp, Tcl_NewStringObj(commentval, strlen(commentval)));
data/tk707-0.8/playa.c:464:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_SetObjResult(interp, Tcl_NewStringObj(commentval, strlen(commentval)));
data/tk707-0.8/playa.c:533:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_ListObjAppendElement(interp, prop_list, Tcl_NewStringObj(comment,strlen(comment)));
data/tk707-0.8/playa.c:1080:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("tkxox", strlen("tkxox")),
data/tk707-0.8/playa.c:1081:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj("ALSA_OUTPORT", strlen("ALSA_OUTPORT")),
data/tk707-0.8/playa.c:1154:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(name, strlen(name)));
data/tk707-0.8/playa.c:1157:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(name, strlen(name)));
data/tk707-0.8/playa.c:1217:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(pinfo.name, strlen(pinfo.name)));
data/tk707-0.8/playa.c:1219:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(cinfo.name, strlen(cinfo.name)));
data/tk707-0.8/tcl2c.c:69:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(in)) != EOF) {
data/tk707-0.8/tcl2c.c:88:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; (c = getc(in)) != EOF;)
data/tk707-0.8/texi2help.c:800:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/tk707-0.8/texi2help.c:2013:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return yy_scan_bytes(yy_str,strlen(yy_str) );
data/tk707-0.8/util707.c:77:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  addr = (snd_seq_addr_t*)calloc((unsigned)(sizeof(snd_seq_addr_t)*strlen(portdesc)), 1);

ANALYSIS SUMMARY:

Hits = 48
Lines analyzed = 13886 in approximately 0.62 seconds (22323 lines/second)
Physical Source Lines of Code (SLOC) = 5599
Hits@level = [0]  60 [1]  33 [2]  11 [3]   2 [4]   2 [5]   0
Hits@level+ = [0+] 108 [1+]  48 [2+]  15 [3+]   4 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 19.2892 [1+] 8.57296 [2+] 2.67905 [3+] 0.714413 [4+] 0.357207 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.