Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xcolorsel-1.1a/config.h
Examining data/xcolorsel-1.1a/appdef-c.h
Examining data/xcolorsel-1.1a/appdef.h
Examining data/xcolorsel-1.1a/RgbSink.c
Examining data/xcolorsel-1.1a/RgbSink.h
Examining data/xcolorsel-1.1a/RgbSinkP.h
Examining data/xcolorsel-1.1a/RgbSrc.c
Examining data/xcolorsel-1.1a/RgbSrc.h
Examining data/xcolorsel-1.1a/RgbSrcP.h
Examining data/xcolorsel-1.1a/RgbText.c
Examining data/xcolorsel-1.1a/RgbText.h
Examining data/xcolorsel-1.1a/RgbTextP.h
Examining data/xcolorsel-1.1a/defhelp.h
Examining data/xcolorsel-1.1a/xcolorsel.c

FINAL RESULTS:

data/xcolorsel-1.1a/RgbText.c:584:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. The written length is driven by `colorname`, which nothing on this
  line bounds, so `ptr` is only safe if its buffer was sized from the sum of all
  name lengths beforehand; the `asciisize += strlen(ptr)` accumulation at
  RgbText.c:441 looks like such a pre-pass, but confirm it also accounts for the
  fixed " - " prefix and the newline this call appends per entry.
	sprintf(ptr," - %s\n",((RgbTextRec *)new)->rgb_text.colorlist[i].colorname);
data/xcolorsel-1.1a/RgbText.c:1360:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant. The
  format here is the variable `format`, so neither the compiler nor -Wformat can
  check that its conversions match the arguments (fieldsize, the RGB
  components, comma, ...). Trace every assignment to `format`: if each one is a
  compile-time literal selected by the surrounding code, this and the sibling
  hits below can be annotated with `/* Flawfinder: ignore */`; if any path lets
  the string come from an X resource or other input, treat it as a real CWE-134
  and emit the pieces through fixed literals instead.
			sprintf(destination,format,fieldsize,cmscolin.spec.RGB.red,comma,
data/xcolorsel-1.1a/RgbText.c:1389:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			sprintf(destination,format,cmscolin.spec.RGB.red,
data/xcolorsel-1.1a/RgbText.c:1425:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). The string copied here is the same `format` variable the
  neighbouring sprintf hits use as a format string, and its length is then
  taken as `fieldsize` at RgbText.c:1426, so the size of `destination` must
  cover the longest possible `format` plus its terminator. If the caller's
  buffer size is available in this scope, `snprintf(destination, size, "%s",
  format)` makes that bound explicit instead of implied.
					strcpy(destination,format);
data/xcolorsel-1.1a/RgbText.c:1436:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1459:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1483:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1506:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1529:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1552:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1575:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(destination,format,
data/xcolorsel-1.1a/xcolorsel.c:383:1:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. This instance is sized exactly: xcolorsel.c:382 allocates
  strlen(MyClass)+strlen(MyName)+3, which matches the two literal bytes ": "
  plus the terminator, so it is a false positive provided MyName and MyClass
  are not modified between the two lines. Prefer snprintf with the same size
  expression anyway, so the relationship is enforced rather than assumed.
sprintf(headline,"%s: %s",MyName,MyClass);
data/xcolorsel-1.1a/xcolorsel.c:593:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant. The
  format is the application resource `appres.info_message`, and the buffer is
  allocated as strlen(appres.info_message)+30 (xcolorsel.c:592). X resources
  are normally settable by the user running the program (xrdb, ~/.Xresources,
  -xrm), so a resource string with more or wider conversions than the code
  expects would both read past the argument list (CWE-134) and overflow the
  fixed 30-byte slack (CWE-120). Either compile the message in as a literal, or
  validate the resource's conversion count and write with snprintf bounded by
  the allocated size.
sprintf(infoline,appres.info_message,GetNumEntries(text),
data/xcolorsel-1.1a/xcolorsel.c:678:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant. The
  buffer comes from allocmess(strlen(templ)+strlen(ptr)) on the preceding line
  (xcolorsel.c:677), with no explicit byte for the terminator; that only fits
  if allocmess adds its own slack or `templ` always contains a `%s` that `ptr`
  replaces. Check allocmess's contract and the origin of `templ` before
  dismissing this hit.
	sprintf(messbuf,templ,ptr);
data/xcolorsel-1.1a/xcolorsel.c:747:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(messbuf,ptr,answer.repres,
data/xcolorsel-1.1a/xcolorsel.c:756:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(messbuf,ptr,answer.repres,tmp/100,tmp%100);
data/xcolorsel-1.1a/xcolorsel.c:784:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant. Same
  pattern as xcolorsel.c:593: the format is the resource `appres.info_next` and
  the buffer is allocmess(strlen(answer.repres)+strlen(appres.info_next)+30)
  (xcolorsel.c:783), so the fixed 30-byte slack is the only thing bounding the
  expansion of the remaining conversions. Bound the write with snprintf or
  validate the resource's conversions against the arguments actually passed.
sprintf(messbuf,appres.info_next,(unsigned long)answer.offset,
data/xcolorsel-1.1a/xcolorsel.c:933:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant. The
  buffer is strlen(default_help)+strlen(appres.help_file)+10 (xcolorsel.c:932),
  which covers exactly one %s expansion of either appres.help_file or "<none>"
  (6 bytes, within the +10 slack). If `default_help` is a compile-time literal,
  as its name suggests, this is a false positive that can be annotated; if it
  can be overridden at runtime, the sizing assumption no longer holds.
			sprintf(fname,default_help,strlen(appres.help_file)?appres.help_file:"<none>");
data/xcolorsel-1.1a/RgbText.c:337:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362). `rgb_text.file` appears to be a widget resource naming
  the colour database to read; there is no privilege boundary to cross unless
  xcolorsel runs with elevated rights, but pointing it at a FIFO or device
  would make the program block or parse garbage, so an fstat/S_ISREG check on
  the opened stream is cheap insurance.
if(!(fd=fopen(((RgbTextRec *)new)->rgb_text.file,"r")))
data/xcolorsel-1.1a/RgbText.c:660:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpc[20],*tmpptr=tmpc;
data/xcolorsel-1.1a/RgbText.c:662:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmpc,"0x%lx",vis_info.visualid);
data/xcolorsel-1.1a/RgbText.c:682:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpc[20],*tmpptr=tmpc;
data/xcolorsel-1.1a/RgbText.c:684:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmpc,"0x%x",vis_ptr->class);
data/xcolorsel-1.1a/RgbText.c:724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpc[2][20];
data/xcolorsel-1.1a/RgbText.c:725:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        	char *(tmpptr)[3];
data/xcolorsel-1.1a/RgbText.c:729:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Strictly, "%lu" of a 64-bit unsigned long can print 20 digits, which with the
  terminator is 21 bytes into tmpc[2][20] (RgbText.c:724); colsalloc is a
  count that will not approach that, but snprintf(tmpc[0], sizeof tmpc[0], ...)
  removes the question for free.
		sprintf(tmpc[0],"%lu",(unsigned long)((RgbTextRec *)new)->rgb_text.colsalloc);
data/xcolorsel-1.1a/RgbText.c:730:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Same one-byte margin as RgbText.c:729 (20 digits plus terminator into a
  20-byte row); use snprintf with sizeof tmpc[1].
		sprintf(tmpc[1],"%lu",(unsigned long)((RgbTextRec *)new)->rgb_text.max_rows);
data/xcolorsel-1.1a/RgbText.c:1400:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  That assessment is optimistic here: "%*d" takes its minimum field width from
  an argument, and the call's arguments are cut off in this excerpt. If the
  width passed is `fieldsize`, which is set from strlen(destination) at
  RgbText.c:1426, the output width follows the length of the copied format
  string rather than a fixed bound; confirm destination's capacity covers three
  such fields plus the literal text, or switch to snprintf.
			    sprintf(destination,"input: %*d, %*d, %*d",
data/xcolorsel-1.1a/RgbText.c:1405:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			    sprintf(destination,"%d, %d, %d",
data/xcolorsel-1.1a/xcolorsel.c:914:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362). The path here is the X resource `appres.help_file`,
  chosen by the user running the program; if xcolorsel runs only with that
  user's own privileges, redirecting this open gains an attacker nothing they
  do not already have. The check matters if the binary is ever installed
  setuid/setgid or launched by a more privileged account - then open with
  O_NOFOLLOW and fstat the descriptor for S_ISREG before reading.
	fd=open(fname=appres.help_file,O_RDONLY,0); /* First search explicit set file */
data/xcolorsel-1.1a/xcolorsel.c:928:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362). This fallback uses a relative path, so it resolves
  against whatever the current working directory happens to be when xcolorsel
  starts; a planted "Xcolorsel.help" in that directory would be displayed as
  the program's help text. Low impact for a display-only file, but an absolute
  path under the install prefix is the more predictable choice.
		fd=open(fname="Xcolorsel.help",O_RDONLY,0);
data/xcolorsel-1.1a/RgbText.c:441:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ((RgbTextRec *)new)->rgb_text.asciisize+=strlen(ptr);
data/xcolorsel-1.1a/RgbText.c:1426:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					fieldsize=strlen(destination);
data/xcolorsel-1.1a/RgbText.c:1585:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(destination);
data/xcolorsel-1.1a/xcolorsel.c:382:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
headline=XtMalloc(strlen(MyClass)+strlen(MyName)+3l);
data/xcolorsel-1.1a/xcolorsel.c:382:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
headline=XtMalloc(strlen(MyClass)+strlen(MyName)+3l);
data/xcolorsel-1.1a/xcolorsel.c:592:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	infoline=XtMalloc(strlen(appres.info_message)+30L);
data/xcolorsel-1.1a/xcolorsel.c:677:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	allocmess(strlen(templ)+strlen(ptr));
data/xcolorsel-1.1a/xcolorsel.c:677:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	allocmess(strlen(templ)+strlen(ptr));
data/xcolorsel-1.1a/xcolorsel.c:744:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
needed+=strlen(ptr)+strlen(answer.repres);
data/xcolorsel-1.1a/xcolorsel.c:744:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
needed+=strlen(ptr)+strlen(answer.repres);
data/xcolorsel-1.1a/xcolorsel.c:783:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocmess(strlen(answer.repres)+strlen(appres.info_next)+30L);
data/xcolorsel-1.1a/xcolorsel.c:783:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocmess(strlen(answer.repres)+strlen(appres.info_next)+30L);
data/xcolorsel-1.1a/xcolorsel.c:913:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(appres.help_file))
data/xcolorsel-1.1a/xcolorsel.c:932:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fname=XtMalloc(strlen(default_help)+strlen(appres.help_file)+10);
data/xcolorsel-1.1a/xcolorsel.c:932:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fname=XtMalloc(strlen(default_help)+strlen(appres.help_file)+10);
data/xcolorsel-1.1a/xcolorsel.c:933:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(fname,default_help,strlen(appres.help_file)?appres.help_file:"<none>");

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 4353 in approximately 0.17 seconds (26350 lines/second)
Physical Source Lines of Code (SLOC) = 2910
Hits@level = [0]   6 [1]  16 [2]  13 [3]   0 [4]  18 [5]   0
Hits@level+ = [0+]  53 [1+]  47 [2+]  31 [3+]  18 [4+]  18 [5+]   0
Hits/KSLOC@level+ = [0+] 18.2131 [1+] 16.1512 [2+] 10.6529 [3+] 6.18557 [4+] 6.18557 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.