Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/basic256-2.0.0.11/BasicDock.cpp
Examining data/basic256-2.0.0.11/BasicDock.h
Examining data/basic256-2.0.0.11/BasicDownloader.cpp
Examining data/basic256-2.0.0.11/BasicDownloader.h
Examining data/basic256-2.0.0.11/BasicEdit.cpp
Examining data/basic256-2.0.0.11/BasicEdit.h
Examining data/basic256-2.0.0.11/BasicGraph.cpp
Examining data/basic256-2.0.0.11/BasicGraph.h
Examining data/basic256-2.0.0.11/BasicIcons.cpp
Examining data/basic256-2.0.0.11/BasicIcons.h
Examining data/basic256-2.0.0.11/BasicKeyboard.cpp
Examining data/basic256-2.0.0.11/BasicKeyboard.h
Examining data/basic256-2.0.0.11/BasicMediaPlayer.cpp
Examining data/basic256-2.0.0.11/BasicMediaPlayer.h
Examining data/basic256-2.0.0.11/BasicOutput.cpp
Examining data/basic256-2.0.0.11/BasicOutput.h
Examining data/basic256-2.0.0.11/BasicTypes.h
Examining data/basic256-2.0.0.11/BasicWidget.cpp
Examining data/basic256-2.0.0.11/BasicWidget.h
Examining data/basic256-2.0.0.11/CompileErrors.h
Examining data/basic256-2.0.0.11/Constants.h
Examining data/basic256-2.0.0.11/Convert.cpp
Examining data/basic256-2.0.0.11/Convert.h
Examining data/basic256-2.0.0.11/DataElement.cpp
Examining data/basic256-2.0.0.11/DataElement.h
Examining data/basic256-2.0.0.11/EditSyntaxHighlighter.cpp
Examining data/basic256-2.0.0.11/EditSyntaxHighlighter.h
Examining data/basic256-2.0.0.11/Error.cpp
Examining data/basic256-2.0.0.11/Error.h
Examining data/basic256-2.0.0.11/ErrorCodes.h
Examining data/basic256-2.0.0.11/Interpreter.cpp
Examining data/basic256-2.0.0.11/Interpreter.h
Examining data/basic256-2.0.0.11/LEX/basicParse.tab.c
Examining data/basic256-2.0.0.11/LEX/basicParse.tab.h
Examining data/basic256-2.0.0.11/LEX/lex.yy.c
Examining data/basic256-2.0.0.11/LineNumberArea.cpp
Examining data/basic256-2.0.0.11/LineNumberArea.h
Examining data/basic256-2.0.0.11/Main.cpp
Examining data/basic256-2.0.0.11/MainWindow.cpp
Examining data/basic256-2.0.0.11/MainWindow.h
Examining data/basic256-2.0.0.11/PreferencesWin.cpp
Examining data/basic256-2.0.0.11/PreferencesWin.h
Examining data/basic256-2.0.0.11/ReplaceWin.cpp
Examining data/basic256-2.0.0.11/ReplaceWin.h
Examining data/basic256-2.0.0.11/RunController.cpp
Examining data/basic256-2.0.0.11/RunController.h
Examining data/basic256-2.0.0.11/Settings.h
Examining data/basic256-2.0.0.11/Sleeper.cpp
Examining data/basic256-2.0.0.11/Sleeper.h
Examining data/basic256-2.0.0.11/Sound.cpp
Examining data/basic256-2.0.0.11/Sound.h
Examining data/basic256-2.0.0.11/Stack.cpp
Examining data/basic256-2.0.0.11/Stack.h
Examining data/basic256-2.0.0.11/VariableWin.cpp
Examining data/basic256-2.0.0.11/VariableWin.h
Examining data/basic256-2.0.0.11/Variables.cpp
Examining data/basic256-2.0.0.11/Variables.h
Examining data/basic256-2.0.0.11/Version.h
Examining data/basic256-2.0.0.11/ViewWidgetIFace.cpp
Examining data/basic256-2.0.0.11/ViewWidgetIFace.h
Examining data/basic256-2.0.0.11/WordCodes.h
Examining data/basic256-2.0.0.11/md5.cpp
Examining data/basic256-2.0.0.11/md5.h
FINAL RESULTS:
data/basic256-2.0.0.11/LEX/basicParse.tab.c:10491:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/basic256-2.0.0.11/LEX/lex.yy.c:7278:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, include_exec_path);
data/basic256-2.0.0.11/LEX/lex.yy.c:7280:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, filename);
data/basic256-2.0.0.11/Main.cpp:133:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
localecode = QLocale::system().name();
data/basic256-2.0.0.11/PreferencesWin.cpp:65:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system != -1) allowsystemcombo->setCurrentIndex(system);
data/basic256-2.0.0.11/PreferencesWin.cpp:65:55: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system != -1) allowsystemcombo->setCurrentIndex(system);
data/basic256-2.0.0.11/RunController.cpp:693:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sound->system(i);
data/basic256-2.0.0.11/Sound.cpp:1528:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void SoundSystem::system(int i){
data/basic256-2.0.0.11/Sound.h:182:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void system(int);
data/basic256-2.0.0.11/Interpreter.cpp:152:17: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
inpout32dll = LoadLibrary(L"inpout32.dll");
data/basic256-2.0.0.11/Interpreter.cpp:1058:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL)+QTime::currentTime().msec()*911L); rand(); rand(); // initialize the random number generator for this thread
data/basic256-2.0.0.11/Interpreter.cpp:2704:6: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/basic256-2.0.0.11/BasicEdit.cpp:200:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/basic256-2.0.0.11/BasicEdit.cpp:577:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QChar open;
data/basic256-2.0.0.11/BasicEdit.cpp:626:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(c==open){
data/basic256-2.0.0.11/BasicEdit.cpp:1041:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(f.open(QIODevice::ReadOnly)){
data/basic256-2.0.0.11/BasicGraph.cpp:380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/basic256-2.0.0.11/BasicGraph.cpp:383:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%u,%u", tx, ty);
data/basic256-2.0.0.11/Interpreter.cpp:2227:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempf->QFile::open(stdout, QIODevice::WriteOnly);
data/basic256-2.0.0.11/Interpreter.cpp:2238:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!filehandle[fn]->open(QIODevice::ReadWrite | QIODevice::Text)) {
data/basic256-2.0.0.11/Interpreter.cpp:2243:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!filehandle[fn]->open(QIODevice::ReadWrite)) {
data/basic256-2.0.0.11/Interpreter.cpp:2310:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!p->open(QIODevice::ReadWrite)) {
data/basic256-2.0.0.11/Interpreter.cpp:2583:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!filehandle[fn]->open(QIODevice::ReadWrite | QIODevice::Truncate | QIODevice::Text)) {
data/basic256-2.0.0.11/Interpreter.cpp:2590:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!filehandle[fn]->open(QIODevice::ReadWrite | QIODevice::Truncate)) {
data/basic256-2.0.0.11/Interpreter.cpp:3449:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/basic256-2.0.0.11/Interpreter.cpp:5099:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = db.open();
data/basic256-2.0.0.11/Interpreter.cpp:5381:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&serv_addr.sin_addr.s_addr, (char *)server->h_addr, server->h_length);
data/basic256-2.0.0.11/Interpreter.cpp:5493:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szHostname[100];
data/basic256-2.0.0.11/Interpreter.cpp:5499:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &sAddr.sin_addr.s_addr, pHostEnt->h_addr_list[nAdapter], pHostEnt->h_length);
data/basic256-2.0.0.11/Interpreter.cpp:5510:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/basic256-2.0.0.11/LEX/basicParse.tab.c:340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/basic256-2.0.0.11/LEX/basicParse.tab.c:341:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"___%d_%d", id, type);
data/basic256-2.0.0.11/LEX/basicParse.tab.c:10791:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/basic256-2.0.0.11/LEX/basicParse.tab.c:10808:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/basic256-2.0.0.11/LEX/basicParse.tab.c:10998:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/basic256-2.0.0.11/LEX/lex.yy.c:4846:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ count(); yylval.number = atoi(yytext); return B256INTEGER; }
data/basic256-2.0.0.11/LEX/lex.yy.c:7274:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
yyin = fopen( filename, "r" );
data/basic256-2.0.0.11/LEX/lex.yy.c:7277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[512];
data/basic256-2.0.0.11/LEX/lex.yy.c:7281:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
yyin = fopen( str, "r" );
data/basic256-2.0.0.11/MainWindow.cpp:1163:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/basic256-2.0.0.11/Sound.cpp:778:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
soundsmap[lastIdUsed]->buffer->open(QIODevice::ReadOnly);
data/basic256-2.0.0.11/Sound.cpp:813:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
soundsmap[lastIdUsed]->buffer->open(QIODevice::ReadOnly);
data/basic256-2.0.0.11/Sound.cpp:906:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
soundsmap[lastIdUsed]->buffer->open(QIODevice::ReadWrite);
data/basic256-2.0.0.11/Sound.cpp:1016:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite|QIODevice::Truncate);
data/basic256-2.0.0.11/md5.cpp:264:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[index], input, firstpart);
data/basic256-2.0.0.11/md5.cpp:276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[index], &input[i], length-i);
data/basic256-2.0.0.11/md5.cpp:291:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char padding[64] = {
data/basic256-2.0.0.11/md5.cpp:299:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[8];
data/basic256-2.0.0.11/md5.cpp:335:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+i*2, "%02x", digest[i]);
data/basic256-2.0.0.11/Interpreter.cpp:674:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lexingfilename)!=0) {
data/basic256-2.0.0.11/Interpreter.cpp:1995:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((char *) op) + 1;
data/basic256-2.0.0.11/Interpreter.cpp:6390:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = bytesToFullWords(strlen((char*) o) + 1);
data/basic256-2.0.0.11/LEX/basicParse.tab.c:230:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(data) + 1;
data/basic256-2.0.0.11/LEX/basicParse.tab.c:233:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) (wordCode + wordOffset), data, len);
data/basic256-2.0.0.11/LEX/basicParse.tab.c:10672:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/basic256-2.0.0.11/LEX/lex.yy.c:4667:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/basic256-2.0.0.11/LEX/lex.yy.c:4881:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(yytext);
data/basic256-2.0.0.11/LEX/lex.yy.c:7237:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename[strlen(filename)-1] = 0x00;
data/basic256-2.0.0.11/LEX/lex.yy.c:7279:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "/");
data/basic256-2.0.0.11/LEX/lex.yy.c:8129:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes(yystr,strlen(yystr) );
ANALYSIS SUMMARY:
Hits = 60
Lines analyzed = 47657 in approximately 1.74 seconds (27400 lines/second)
Physical Source Lines of Code (SLOC) = 39509
Hits@level = [0] 21 [1] 11 [2] 37 [3] 3 [4] 9 [5] 0
Hits@level+ = [0+] 81 [1+] 60 [2+] 49 [3+] 12 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 2.05017 [1+] 1.51864 [2+] 1.24022 [3+] 0.303728 [4+] 0.227796 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.