Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xcolorsel-1.1a/config.h
Examining data/xcolorsel-1.1a/appdef-c.h
Examining data/xcolorsel-1.1a/appdef.h
Examining data/xcolorsel-1.1a/RgbSink.c
Examining data/xcolorsel-1.1a/RgbSink.h
Examining data/xcolorsel-1.1a/RgbSinkP.h
Examining data/xcolorsel-1.1a/RgbSrc.c
Examining data/xcolorsel-1.1a/RgbSrc.h
Examining data/xcolorsel-1.1a/RgbSrcP.h
Examining data/xcolorsel-1.1a/RgbText.c
Examining data/xcolorsel-1.1a/RgbText.h
Examining data/xcolorsel-1.1a/RgbTextP.h
Examining data/xcolorsel-1.1a/defhelp.h
Examining data/xcolorsel-1.1a/xcolorsel.c

FINAL RESULTS:

data/xcolorsel-1.1a/RgbText.c:584:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ptr," - %s\n",((RgbTextRec *)new)->rgb_text.colorlist[i].colorname);
data/xcolorsel-1.1a/RgbText.c:1360:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,fieldsize,cmscolin.spec.RGB.red,comma,
data/xcolorsel-1.1a/RgbText.c:1389:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,cmscolin.spec.RGB.red,
data/xcolorsel-1.1a/RgbText.c:1425:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(destination,format);
data/xcolorsel-1.1a/RgbText.c:1436:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1459:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1483:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1506:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1529:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1552:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,
data/xcolorsel-1.1a/RgbText.c:1575:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(destination,format,
data/xcolorsel-1.1a/xcolorsel.c:383:1:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(headline,"%s: %s",MyName,MyClass);
data/xcolorsel-1.1a/xcolorsel.c:593:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(infoline,appres.info_message,GetNumEntries(text),
data/xcolorsel-1.1a/xcolorsel.c:678:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(messbuf,templ,ptr);
data/xcolorsel-1.1a/xcolorsel.c:747:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(messbuf,ptr,answer.repres,
data/xcolorsel-1.1a/xcolorsel.c:756:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(messbuf,ptr,answer.repres,tmp/100,tmp%100);
data/xcolorsel-1.1a/xcolorsel.c:784:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(messbuf,appres.info_next,(unsigned long)answer.offset,
data/xcolorsel-1.1a/xcolorsel.c:933:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(fname,default_help,strlen(appres.help_file)?appres.help_file:"<none>");
data/xcolorsel-1.1a/RgbText.c:337:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!(fd=fopen(((RgbTextRec *)new)->rgb_text.file,"r")))
data/xcolorsel-1.1a/RgbText.c:660:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpc[20],*tmpptr=tmpc;
data/xcolorsel-1.1a/RgbText.c:662:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpc,"0x%lx",vis_info.visualid);
data/xcolorsel-1.1a/RgbText.c:682:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpc[20],*tmpptr=tmpc;
data/xcolorsel-1.1a/RgbText.c:684:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpc,"0x%x",vis_ptr->class);
data/xcolorsel-1.1a/RgbText.c:724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpc[2][20];
data/xcolorsel-1.1a/RgbText.c:725:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *(tmpptr)[3];
data/xcolorsel-1.1a/RgbText.c:729:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpc[0],"%lu",(unsigned long)((RgbTextRec *)new)->rgb_text.colsalloc);
data/xcolorsel-1.1a/RgbText.c:730:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpc[1],"%lu",(unsigned long)((RgbTextRec *)new)->rgb_text.max_rows);
data/xcolorsel-1.1a/RgbText.c:1400:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(destination,"input: %*d, %*d, %*d",
data/xcolorsel-1.1a/RgbText.c:1405:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(destination,"%d, %d, %d",
data/xcolorsel-1.1a/xcolorsel.c:914:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd=open(fname=appres.help_file,O_RDONLY,0); /* First search explicit set file */
data/xcolorsel-1.1a/xcolorsel.c:928:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd=open(fname="Xcolorsel.help",O_RDONLY,0);
data/xcolorsel-1.1a/RgbText.c:441:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((RgbTextRec *)new)->rgb_text.asciisize+=strlen(ptr);
data/xcolorsel-1.1a/RgbText.c:1426:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fieldsize=strlen(destination);
data/xcolorsel-1.1a/RgbText.c:1585:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(destination);
data/xcolorsel-1.1a/xcolorsel.c:382:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  headline=XtMalloc(strlen(MyClass)+strlen(MyName)+3l);
data/xcolorsel-1.1a/xcolorsel.c:382:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  headline=XtMalloc(strlen(MyClass)+strlen(MyName)+3l);
data/xcolorsel-1.1a/xcolorsel.c:592:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  infoline=XtMalloc(strlen(appres.info_message)+30L);
data/xcolorsel-1.1a/xcolorsel.c:677:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  allocmess(strlen(templ)+strlen(ptr));
data/xcolorsel-1.1a/xcolorsel.c:677:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  allocmess(strlen(templ)+strlen(ptr));
data/xcolorsel-1.1a/xcolorsel.c:744:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needed+=strlen(ptr)+strlen(answer.repres);
data/xcolorsel-1.1a/xcolorsel.c:744:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needed+=strlen(ptr)+strlen(answer.repres);
data/xcolorsel-1.1a/xcolorsel.c:783:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  allocmess(strlen(answer.repres)+strlen(appres.info_next)+30L);
data/xcolorsel-1.1a/xcolorsel.c:783:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  allocmess(strlen(answer.repres)+strlen(appres.info_next)+30L);
data/xcolorsel-1.1a/xcolorsel.c:913:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(appres.help_file))
data/xcolorsel-1.1a/xcolorsel.c:932:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname=XtMalloc(strlen(default_help)+strlen(appres.help_file)+10);
data/xcolorsel-1.1a/xcolorsel.c:932:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname=XtMalloc(strlen(default_help)+strlen(appres.help_file)+10);
data/xcolorsel-1.1a/xcolorsel.c:933:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(fname,default_help,strlen(appres.help_file)?appres.help_file:"<none>");

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 4353 in approximately 0.17 seconds (26350 lines/second)
Physical Source Lines of Code (SLOC) = 2910
Hits@level = [0]   6 [1]  16 [2]  13 [3]   0 [4]  18 [5]   0
Hits@level+ = [0+]  53 [1+]  47 [2+]  31 [3+]  18 [4+]  18 [5+]   0
Hits/KSLOC@level+ = [0+] 18.2131 [1+] 16.1512 [2+] 10.6529 [3+] 6.18557 [4+] 6.18557 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
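The level-4 hits above fall into two patterns: sprintf into a buffer sized by a strlen()+constant guess (CWE-120, e.g. xcolorsel.c:382-383 and 592-593), and sprintf whose format string is a variable, in several cases an X resource such as appres.info_message or appres.info_next (CWE-134). The following is an added example, not code from xcolorsel or from flawfinder, of how both are closed in C. fmt_alloc() measures with vsnprintf(NULL, 0, ...) and allocates exactly what is needed; check_format() validates a format string that must stay configurable against the exact argument list the call site supplies, so a resource containing %n, extra %s conversions or a '*' width is refused before it reaches *printf; build_headline() is the bounded form of the "%s: %s" headline call. The names fmt_alloc, check_format, info_line and build_headline are hypothetical, and info_line assumes two unsigned long arguments behind the resource format (the report only shows GetNumEntries(text) as the first argument of the real call).

```c
/* Added example (not part of xcolorsel or flawfinder): mitigations for the
 * CWE-120 and CWE-134 sprintf patterns reported by flawfinder above. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format into a freshly allocated buffer sized by a measuring pass.
 * Replaces "XtMalloc(strlen(x)+30); sprintf(buf, x, ...)" sizing guesses.
 * Returns NULL on error; the caller frees the result. */
char *fmt_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);          /* measure, write nothing */
    va_end(ap);
    if (n < 0) { va_end(ap2); return NULL; }
    char *buf = malloc((size_t)n + 1);
    if (buf) vsnprintf(buf, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return buf;
}

/* Check that fmt contains exactly the conversions listed in expect[] (length
 * modifier plus conversion char, e.g. "s", "lu", "d"), in that order.  "%%" is
 * allowed; %n, '*' widths/precisions and positional "n$" arguments are rejected
 * because they write memory or consume arguments the caller never passed.
 * Returns 0 if fmt is acceptable, -1 otherwise. */
int check_format(const char *fmt, const char *const *expect, size_t nexpect)
{
    size_t idx = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                              /* literal '%' */
        while (*p && strchr("-+ #0", *p)) p++;                /* flags */
        while (*p >= '0' && *p <= '9') p++;                   /* width */
        if (*p == '.') {                                      /* precision */
            p++;
            while (*p >= '0' && *p <= '9') p++;
        }
        const char *spec = p;
        while (*p && strchr("hlLqjzt", *p)) p++;              /* length modifier */
        /* anything else here ('*', '$', 'n', end of string) is rejected */
        if (!*p || !strchr("diouxXeEfFgGcs", *p)) return -1;
        size_t len = (size_t)(p - spec) + 1;
        if (idx >= nexpect || strlen(expect[idx]) != len ||
            strncmp(spec, expect[idx], len) != 0)
            return -1;
        idx++;
    }
    return idx == nexpect ? 0 : -1;        /* too few conversions is also wrong */
}

/* Hypothetical stand-in for the info_message resource use: the format comes
 * from the user's resources, but the argument list is fixed by the caller, so
 * the format is validated against {"lu","lu"} before it is ever used. */
char *info_line(const char *resource_fmt, unsigned long entries, unsigned long max)
{
    static const char *const want[] = { "lu", "lu" };
    if (check_format(resource_fmt, want, 2) != 0)
        return NULL;                                /* refuse rather than trust */
    return fmt_alloc(resource_fmt, entries, max);
}

/* Bounded replacement for sprintf(headline,"%s: %s",MyName,MyClass).
 * Truncation is reported as an error instead of silently shortening the
 * string.  Returns 0 on success, -1 if dst is too small. */
int build_headline(char *dst, size_t dstsz, const char *name, const char *cls)
{
    int n = snprintf(dst, dstsz, "%s: %s", name, cls);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}
```

check_format() is deliberately strict: a resource that merely omits a conversion is rejected too, because the missing argument would otherwise be silently dropped and, for a format later edited to add it back, the argument count and the format would drift apart unnoticed. Where a format genuinely cannot be validated this way, the remaining safe option is to make it constant, which is what flawfinder asks for at each CWE-134 hit.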