Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tl-parser-0.0.0+git20180215.f49077de/tl-parser-tree.h
Examining data/tl-parser-0.0.0+git20180215.f49077de/tlc.c
Examining data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.h
Examining data/tl-parser-0.0.0+git20180215.f49077de/portable_endian.h
Examining data/tl-parser-0.0.0+git20180215.f49077de/tl-tl.h
Examining data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c
FINAL RESULTS:
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:324:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "Expected %s", s);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:925:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TL_ERROR(...) fprintf (stderr, __VA_ARGS__);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:926:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TL_WARNING(...) fprintf (stderr, __VA_ARGS__);
data/tl-parser-0.0.0+git20180215.f49077de/tlc.c:66:66: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void logprintf (const char *format, ...) __attribute__ ((format (printf, 1, 2)));
data/tl-parser-0.0.0+git20180215.f49077de/tlc.c:70:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, ap);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:933:38: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*T = tree_insert_var_value (*T, t, lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:941:38: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*T = tree_insert_var_value (*T, t, lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:978:80: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
fields[namespace_level] = tree_insert_tl_field (fields[namespace_level], id, lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:996:73: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
vars[namespace_level] = tree_insert_tl_var (vars[namespace_level], v, lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1087:56: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
tl_type_tree = tree_insert_tl_type (tl_type_tree, t, lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1179:79: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
tl_constructor_tree = tree_insert_tl_constructor (tl_constructor_tree, t, lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1235:71: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
tl_function_tree = tree_insert_tl_constructor (tl_function_tree, t, lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1907:29: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sprintf (s, "%llu", lrand48 () * (1ll << 32) + lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1907:56: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sprintf (s, "%llu", lrand48 () * (1ll << 32) + lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tlc.c:115:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt (argc, argv, "Ehve:w:")) != -1) {
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char error_int_must_be_4_byte[(sizeof (int) == 4) ? 1 : -1];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char error_long_long_must_be_8_byte[(sizeof (long long) == 8) ? 1 : -1];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (t, P->c, sizeof (void *) * (P->size - 1));
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:323:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:334:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open (fname, O_RDONLY);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:891:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (z, a, len);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1055:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id, _id, len);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id, _id, x);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id, _id, x);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1240:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[(1 << 20)];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (S, T, sizeof (*S));
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + buf_pos, s, len); buf_pos += len;
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1298:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + buf_pos, s, len); buf_pos += len;
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1354:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _buf[30];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1355:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (_buf, "+%lld", T->type_flags);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1381:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _buf[30];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1391:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _buf[30];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1392:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (_buf, "%lld", T->left->type_flags);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1423:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _buf[10];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1424:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (_buf, "#%08x", c->name);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1906:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[20];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1907:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "%llu", lrand48 () * (1ll << 32) + lrand48 ());
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:2261:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _buf[100000];
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:2349:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _buf[100000];
data/tl-parser-0.0.0+git20180215.f49077de/tlc.c:59:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int f = open (filename, O_CREAT | O_WRONLY | O_TRUNC, 0640);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:181:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tfree (last_error, strlen (last_error) + 1);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:322:139: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!parse.lex.ptr || parse.lex.ptr == (void *)-1 || parse.lex.type == lex_error || parse.lex.type == lex_none || parse.lex.len != (int)strlen (s) || memcmp (s, parse.lex.ptr, parse.lex.len)) {
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:348:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
save.len = read (fd, save.text, size);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1289:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < 0) { len = strlen (s); }
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1296:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < 0) { len = strlen (s); }
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:1943:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct tl_var *v = tl_get_var (id, strlen (id));
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:2263:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct tl_type *nt = tl_add_type (_buf, strlen (_buf), t->params_num - cc, t->params_types >> cc);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:2289:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct tl_constructor *r = tl_add_constructor (nt, _buf, strlen (_buf), 1);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:2353:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct tl_constructor *r = !fun ? tl_add_constructor (c->type, _buf, strlen (_buf), 1) : tl_add_function (c->type, _buf, strlen (_buf), 1);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:2353:124: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct tl_constructor *r = !fun ? tl_add_constructor (c->type, _buf, strlen (_buf), 1) : tl_add_function (c->type, _buf, strlen (_buf), 1);
data/tl-parser-0.0.0+git20180215.f49077de/tl-parser.c:2743:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int x = strlen (s);
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 3744 in approximately 0.11 seconds (33408 lines/second)
Physical Source Lines of Code (SLOC) = 3206
Hits@level = [0] 21 [1] 11 [2] 25 [3] 10 [4] 5 [5] 0
Hits@level+ = [0+] 72 [1+] 51 [2+] 40 [3+] 15 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 22.4579 [1+] 15.9077 [2+] 12.4766 [3+] 4.67873 [4+] 1.55958 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.