Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ucpp-1.3.2/assert.c
Examining data/ucpp-1.3.2/lexer.c
Examining data/ucpp-1.3.2/arith.h
Examining data/ucpp-1.3.2/cpp.h
Examining data/ucpp-1.3.2/hash.h
Examining data/ucpp-1.3.2/ucppi.h
Examining data/ucpp-1.3.2/mem.h
Examining data/ucpp-1.3.2/eval.c
Examining data/ucpp-1.3.2/sample.c
Examining data/ucpp-1.3.2/cpp.c
Examining data/ucpp-1.3.2/arith.c
Examining data/ucpp-1.3.2/nhash.c
Examining data/ucpp-1.3.2/config.h
Examining data/ucpp-1.3.2/atest.c
Examining data/ucpp-1.3.2/macro.c
Examining data/ucpp-1.3.2/nhash.h
Examining data/ucpp-1.3.2/mem.c
Examining data/ucpp-1.3.2/hash.c
Examining data/ucpp-1.3.2/tune.h
FINAL RESULTS:
data/ucpp-1.3.2/cpp.c:88:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/ucpp-1.3.2/cpp.c:105:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/ucpp-1.3.2/cpp.c:134:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/ucpp-1.3.2/cpp.c:551:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b, "# %ld \"%s\"\n", ls->line, fn);
data/ucpp-1.3.2/cpp.c:553:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b, "#line %ld \"%s\"\n", ls->line, fn);
data/ucpp-1.3.2/cpp.c:1367:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname + j, tname(tf2.t[i]));
data/ucpp-1.3.2/macro.c:200:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(emit_output, i ? ", %s" : "%s", m->arg[i]);
data/ucpp-1.3.2/macro.c:991:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x + tlen, token_name(tf->t + i));
data/ucpp-1.3.2/cpp.c:608:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDONLY, 0);
data/ucpp-1.3.2/cpp.c:735:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(f = fopen(s ? s : name, "r"))
data/ucpp-1.3.2/cpp.c:802:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(s, "r");
data/ucpp-1.3.2/cpp.c:836:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(HASH_ITEM_NAME(ff), "r");
data/ucpp-1.3.2/cpp.c:935:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(HASH_ITEM_NAME(ff), "r");
data/ucpp-1.3.2/cpp.c:949:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(s, "r");
data/ucpp-1.3.2/cpp.c:2451:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ls->output = fopen(argv[i], "w");
data/ucpp-1.3.2/cpp.c:2481:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ls->input = fopen(filename, "r");
data/ucpp-1.3.2/cpp.h:165:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char copy_line[COPY_LINE_LENGTH];
data/ucpp-1.3.2/lexer.c:96:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[CMCR];
data/ucpp-1.3.2/lexer.c:671:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hex[16] = "0123456789abcdef";
data/ucpp-1.3.2/lexer.c:967:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[11];
data/ucpp-1.3.2/macro.c:1008:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compile_time[12], compile_date[24];
data/ucpp-1.3.2/macro.c:1060:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30], *bbuf, *cfn;
data/ucpp-1.3.2/macro.c:1065:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", l);
data/ucpp-1.3.2/mem.c:112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nm, m, x);
data/ucpp-1.3.2/mem.c:153:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dest, src, n);
data/ucpp-1.3.2/mem.h:77:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define mmv memcpy
data/ucpp-1.3.2/nhash.c:200:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ident + sizeof(unsigned), name, n);
data/ucpp-1.3.2/assert.c:345:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(aval) + 1;
data/ucpp-1.3.2/assert.c:369:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(aval) + 1;
data/ucpp-1.3.2/cpp.c:549:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b = getmem(50 + strlen(fn));
data/ucpp-1.3.2/cpp.c:664:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nl = strlen(name);
data/ucpp-1.3.2/cpp.c:678:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(rfn) - 1; i >= 0; i --)
data/ucpp-1.3.2/cpp.c:751:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ni = strlen(include_path[i]);
data/ucpp-1.3.2/cpp.c:895:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nl = strlen(name);
data/ucpp-1.3.2/cpp.c:904:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ni = strlen(include_path[i]);
data/ucpp-1.3.2/cpp.c:1347:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = strlen(fname);
data/ucpp-1.3.2/cpp.c:1352:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = strlen(fname);
data/ucpp-1.3.2/cpp.c:1363:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(tname(tf2.t[i]));
data/ucpp-1.3.2/cpp.c:1368:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(tname(tf2.t[i]));
data/ucpp-1.3.2/cpp.c:1522:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = strlen(fname);
data/ucpp-1.3.2/cpp.c:1527:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = strlen(fname);
data/ucpp-1.3.2/cpp.c:1594:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen(tf->t[tf->art].name) + 1;
data/ucpp-1.3.2/cpp.c:1606:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(tn);
data/ucpp-1.3.2/lexer.c:508:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int x = getc(ls->input);
data/ucpp-1.3.2/macro.c:229:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += 1 + strlen((char *)(m->cval.t + i));
data/ucpp-1.3.2/macro.c:563:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen((char *)(n->cval.t + n->cval.rp));
data/ucpp-1.3.2/macro.c:641:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += 1 + strlen(mval.t[i].name);
data/ucpp-1.3.2/macro.c:652:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t x = 1 + strlen(mval.t[i].name);
data/ucpp-1.3.2/macro.c:861:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(n1), l2 = strlen(n2);
data/ucpp-1.3.2/macro.c:861:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(n1), l2 = strlen(n2);
data/ucpp-1.3.2/macro.c:893:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t bl = strlen(buf);
data/ucpp-1.3.2/macro.c:985:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen += strlen(token_name(tf->t + i));
data/ucpp-1.3.2/macro.c:992:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen += strlen(token_name(tf->t + i));
data/ucpp-1.3.2/macro.c:1075:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbuf = getmem(2 * strlen(cfn) + 3);
data/ucpp-1.3.2/macro.c:1240:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (buf = d = getmem(strlen(c)); *c != '"'; c ++) {
data/ucpp-1.3.2/macro.c:1323:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m->cval.rp += 1 + strlen(ct->name);
data/ucpp-1.3.2/macro.c:1691:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(c) + 1;
data/ucpp-1.3.2/mem.c:171:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = 1 + strlen(src);
data/ucpp-1.3.2/mem.c:311:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = 1 + strlen(src);
data/ucpp-1.3.2/nhash.c:196:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(name) + 1;
ANALYSIS SUMMARY:
Hits = 60
Lines analyzed = 11462 in approximately 0.33 seconds (34345 lines/second)
Physical Source Lines of Code (SLOC) = 7950
Hits@level = [0] 46 [1] 33 [2] 19 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 106 [1+] 60 [2+] 27 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 13.3333 [1+] 7.54717 [2+] 3.39623 [3+] 1.00629 [4+] 1.00629 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.