Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wxedid-0.0.21/src/CEA_class.cpp
Examining data/wxedid-0.0.21/src/CEA_EXT_class.cpp
Examining data/wxedid-0.0.21/src/EDID.h
Examining data/wxedid-0.0.21/src/debug.h
Examining data/wxedid-0.0.21/src/config.h
Examining data/wxedid-0.0.21/src/def_types.h
Examining data/wxedid-0.0.21/src/EDID_class.h
Examining data/wxedid-0.0.21/src/guilog.h
Examining data/wxedid-0.0.21/src/CEA_EXT.h
Examining data/wxedid-0.0.21/src/wxEDID_App.h
Examining data/wxedid-0.0.21/src/CEA.h
Examining data/wxedid-0.0.21/src/EDID_class.cpp
Examining data/wxedid-0.0.21/src/wxEDID_App.cpp
Examining data/wxedid-0.0.21/src/guilog.cpp
Examining data/wxedid-0.0.21/src/svd_vidfmt.h
Examining data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.h
Examining data/wxedid-0.0.21/src/returncode/rcd_scp.tmp.c
Examining data/wxedid-0.0.21/src/returncode/rcd_scp_ptr.tmp.h
Examining data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c
Examining data/wxedid-0.0.21/src/returncode/rcd_scp.tmp.h
Examining data/wxedid-0.0.21/src/returncode/rcode.h
Examining data/wxedid-0.0.21/src/returncode/rcd_fn_bm.tmp.c
Examining data/wxedid-0.0.21/src/returncode/rcd_scp_dm.tmp.c
Examining data/wxedid-0.0.21/src/wxEDID_Main.h
Examining data/wxedid-0.0.21/src/rcdunits.h
Examining data/wxedid-0.0.21/src/wxEDID_Main.cpp

FINAL RESULTS:

data/wxedid-0.0.21/src/debug.h:72:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(__debug_dbg0_fd, __VA_ARGS__)

data/wxedid-0.0.21/src/debug.h:83:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(__debug_dbg1_fd, __VA_ARGS__)

data/wxedid-0.0.21/src/debug.h:94:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(__debug_dbg2_fd, __VA_ARGS__)

data/wxedid-0.0.21/src/debug.h:103:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(__debug_dbg2_fd, __VA_ARGS__)

data/wxedid-0.0.21/src/debug.h:109:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(__debug_err_fd, __VA_ARGS__)

data/wxedid-0.0.21/src/debug.h:112:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(__debug_log_fd, __VA_ARGS__)

data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:255:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(vmsg->msg_buf, RCD_VMSG_MAX_SZ, fmt, argp );

data/wxedid-0.0.21/src/CEA_EXT.h:318:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char svd_num[8];

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:138:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:878:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, mtd_hdr, (n_fld * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1056:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, CEA_BlkHdr_fields, (CEA_BlkHdr_fcount * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1060:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, &SVR_code_fld, edi_fld_sz );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1199:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, CEA_BlkHdr_fields, (CEA_BlkHdr_fcount * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1207:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, &bitmap_fld, edi_fld_sz );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1274:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1348:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) fields, p_fld, (fcount * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1660:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1705:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1827:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, CEA_BlkHdr_fields, (fcount * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:147:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, &unknown_byte_fld, sizeof(edi_field_t) );

data/wxedid-0.0.21/src/CEA_class.cpp:508:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte0_afc1_14, (byte0_afc1_14_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:514:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte0_afc1_14, (byte0_afc1_14_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:521:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte0_afc15_ace11_12, (byte0_afc15_ace11_12_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:528:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte0_afc15_ace13, (byte0_afc15_ace13_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:542:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte1_afc1_14_ace11, (byte1_afc1_14_ace11_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:548:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte1_afc15_ace456810, (byte1_afc15_ace456810_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:553:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte1_afc15_ace12_fsmp, (byte1_afc15_ace12_fsmp_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:558:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte1_afc15_ace13, (byte1_afc15_ace13_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:572:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc1, (byte2_afc1_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:578:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc2_8, (byte2_afc2_8_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:584:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc9_13, (byte2_afc9_13_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:590:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc14, (byte2_afc14_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:597:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc15_ace456, (byte2_afc15_ace456_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:603:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc15_ace8_10, (byte2_afc15_ace8_10_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:609:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc15_ace11_12, (byte2_afc15_ace11_12_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:615:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, byte2_afc15_ace13, (byte2_afc15_ace13_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/CEA_class.cpp:1082:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) p_fld, CEA_BlkHdr_fields, (fcount * edi_fld_sz) );

data/wxedid-0.0.21/src/EDID_class.cpp:631:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chbit[12]; chbit[11] = 0;

data/wxedid-0.0.21/src/EDID_class.cpp:735:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuff[maxl+1];

data/wxedid-0.0.21/src/EDID_class.cpp:750:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cbuff, sval.ToAscii(), sval.Len());

data/wxedid-0.0.21/src/EDID_class.cpp:982:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuff[4];

data/wxedid-0.0.21/src/EDID_class.cpp:1001:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cbuff, sval.ToAscii(), 3);

data/wxedid-0.0.21/src/EDID_class.cpp:1236:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) fields, in_digital, (in_digital_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/EDID_class.cpp:1239:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) fields, in_analog, (in_analog_fcnt * edi_fld_sz) );

data/wxedid-0.0.21/src/EDID_class.cpp:2681:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) &pfld->field, &field_arr[itf], sizeof(edi_field_t) );

data/wxedid-0.0.21/src/guilog.h:24:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rcd_msg_buff[msg_buf_sz];

data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:57:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[64];

data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:126:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, rscp->base_name, (size_t) len); //base name

data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:134:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, p_un->un_dir, (size_t) len); //unit dir

data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:137:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, p_un->un_file, (size_t) len); //file name

data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:158:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, msg, (size_t) mlen); //message

data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:234:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[buf_sz];

data/wxedid-0.0.21/src/returncode/rcode.h:304:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_buf[RCD_VMSG_MAX_SZ];

data/wxedid-0.0.21/src/wxEDID_App.cpp:92:44:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (! cfg_file.Open(cfg_str, wxFile::read) ) {

data/wxedid-0.0.21/src/wxEDID_Main.cpp:1205:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (! file.Open(tmps, wxFile::read) ) RCD_RETURN_FAULT(retU);

data/wxedid-0.0.21/src/wxEDID_Main.cpp:1328:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpi = (16 - strlen(p_field->field.name));

data/wxedid-0.0.21/src/wxEDID_Main.cpp:1567:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (! file.Open(tmps, wxFile::read) ) RCD_RETURN_FAULT(retU);

ANALYSIS SUMMARY:

Hits = 57
Lines analyzed = 12595 in approximately 0.36 seconds (35388 lines/second)
Physical Source Lines of Code (SLOC) = 9412
Hits@level = [0]   3 [1]   4 [2]  46 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+]  60 [1+]  57 [2+]  53 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 6.37484 [1+] 6.0561 [2+] 5.63111 [3+] 0.743731 [4+] 0.743731 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.