Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vkeybd-0.1.18d/awe_voice.h
Examining data/vkeybd-0.1.18d/fskip.c
Examining data/vkeybd-0.1.18d/itypes.h
Examining data/vkeybd-0.1.18d/malloc.c
Examining data/vkeybd-0.1.18d/oper_alsa.c
Examining data/vkeybd-0.1.18d/oper_awe.c
Examining data/vkeybd-0.1.18d/oper_midi.c
Examining data/vkeybd-0.1.18d/sffile.c
Examining data/vkeybd-0.1.18d/sffile.h
Examining data/vkeybd-0.1.18d/sftovkb.c
Examining data/vkeybd-0.1.18d/util.h
Examining data/vkeybd-0.1.18d/vkb.c
Examining data/vkeybd-0.1.18d/vkb.h
Examining data/vkeybd-0.1.18d/vkb_device.c

FINAL RESULTS:

data/vkeybd-0.1.18d/vkb.c:305:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/vkeybd-0.1.18d/awe_voice.h:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[0];
data/vkeybd-0.1.18d/awe_voice.h:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[AWE_PATCH_NAME_LEN];
data/vkeybd-0.1.18d/fskip.c:12:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/vkeybd-0.1.18d/itypes.h:27:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define get32rec(vp,cp) memcpy(vp, cp, 4)
data/vkeybd-0.1.18d/oper_alsa.c:120:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *client = atoi(arg);
data/vkeybd-0.1.18d/oper_alsa.c:121:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *port = atoi(p + 1);
data/vkeybd-0.1.18d/oper_alsa.c:168:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char id[2];
data/vkeybd-0.1.18d/oper_alsa.c:217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[128];
data/vkeybd-0.1.18d/oper_alsa.c:218:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "wm title . \"Virtual Keyboard ver.1.9 \\[%d:%d\\]\"", my_client, my_port);
data/vkeybd-0.1.18d/oper_alsa.c:296:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char sysex[11] = {
data/vkeybd-0.1.18d/oper_alsa.c:308:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char sysex[11] = {
data/vkeybd-0.1.18d/oper_awe.c:124:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((seqfd = open(seqdev, O_WRONLY, 0)) < 0) {
data/vkeybd-0.1.18d/oper_midi.c:101:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(mididev, "w")) == NULL) {
data/vkeybd-0.1.18d/oper_midi.c:175:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char sysex[11] = {
data/vkeybd-0.1.18d/oper_midi.c:187:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char sysex[11] = {
data/vkeybd-0.1.18d/sffile.c:608:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(layp->list, &bags->gen[genNdx],
data/vkeybd-0.1.18d/sffile.h:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[4];
data/vkeybd-0.1.18d/sffile.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[20];
data/vkeybd-0.1.18d/sffile.h:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[20];
data/vkeybd-0.1.18d/sftovkb.c:43:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[1], "r")) == NULL) {
data/vkeybd-0.1.18d/vkb.c:174:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (oper->open(interp, &private)) {
data/vkeybd-0.1.18d/vkb.c:206:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  note = atoi(argv[1]);
data/vkeybd-0.1.18d/vkb.c:207:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  vel = atoi(argv[2]);
data/vkeybd-0.1.18d/vkb.c:221:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  note = atoi(argv[1]);
data/vkeybd-0.1.18d/vkb.c:222:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  vel = atoi(argv[2]);
data/vkeybd-0.1.18d/vkb.c:236:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  type = atoi(argv[1]);
data/vkeybd-0.1.18d/vkb.c:237:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  val = atoi(argv[2]);
data/vkeybd-0.1.18d/vkb.c:248:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seq_bank = atoi(argv[1]);
data/vkeybd-0.1.18d/vkb.c:249:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seq_preset = atoi(argv[2]);
data/vkeybd-0.1.18d/vkb.c:262:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seq_bend = atoi(argv[1]);
data/vkeybd-0.1.18d/vkb.c:278:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oper->chorus_mode(interp, private, atoi(argv[1]));
data/vkeybd-0.1.18d/vkb.c:290:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  oper->reverb_mode(interp, private, atoi(argv[1]));
data/vkeybd-0.1.18d/vkb.c:315:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ret = atoi(var);
data/vkeybd-0.1.18d/vkb.h:38:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int (*open)(Tcl_Interp *ip, void **private_return);

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 2748 in approximately 0.08 seconds (33571 lines/second)
Physical Source Lines of Code (SLOC) = 1826
Hits@level = [0]  43 [1]   0 [2]  34 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  78 [1+]  35 [2+]  35 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 42.7163 [1+] 19.1676 [2+] 19.1676 [3+] 0.547645 [4+] 0.547645 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.