Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/blahtexml-0.9/Source/md5.c
Examining data/blahtexml-0.9/Source/md5.h
Examining data/blahtexml-0.9/Source/BlahtexCore/Parser.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/MacroProcessor.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/Parser.h
Examining data/blahtexml-0.9/Source/BlahtexCore/Manager.h
Examining data/blahtexml-0.9/Source/BlahtexCore/MathmlNode.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/LayoutTree.h
Examining data/blahtexml-0.9/Source/BlahtexCore/XmlEncode.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/Misc.h
Examining data/blahtexml-0.9/Source/BlahtexCore/ParseTree1.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/ParseTree2.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/ParseTree3.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/InputSymbolTranslation.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/Interface.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/ParseTree.h
Examining data/blahtexml-0.9/Source/BlahtexCore/Interface.h
Examining data/blahtexml-0.9/Source/BlahtexCore/MacroProcessor.h
Examining data/blahtexml-0.9/Source/BlahtexCore/InputSymbolTranslation.h
Examining data/blahtexml-0.9/Source/BlahtexCore/XmlEncode.h
Examining data/blahtexml-0.9/Source/BlahtexCore/MathmlNode.h
Examining data/blahtexml-0.9/Source/BlahtexCore/Manager.cpp
Examining data/blahtexml-0.9/Source/BlahtexCore/LayoutTree.cpp
Examining data/blahtexml-0.9/Source/Messages.cpp
Examining data/blahtexml-0.9/Source/UnicodeConverter.cpp
Examining data/blahtexml-0.9/Source/md5Wrapper.cpp
Examining data/blahtexml-0.9/Source/BlahtexXMLin/SAX2Output.cpp
Examining data/blahtexml-0.9/Source/BlahtexXMLin/BlahtexFilter.cpp
Examining data/blahtexml-0.9/Source/BlahtexXMLin/XercesString.h
Examining data/blahtexml-0.9/Source/BlahtexXMLin/AttributesImpl.cpp
Examining data/blahtexml-0.9/Source/BlahtexXMLin/SAX2Output.h
Examining data/blahtexml-0.9/Source/BlahtexXMLin/XercesString.cpp
Examining data/blahtexml-0.9/Source/BlahtexXMLin/BlahtexFilter.h
Examining data/blahtexml-0.9/Source/BlahtexXMLin/AttributesImpl.h
Examining data/blahtexml-0.9/Source/md5Wrapper.h
Examining data/blahtexml-0.9/Source/UnicodeConverter.h
Examining data/blahtexml-0.9/Source/mainPng.h
Examining data/blahtexml-0.9/Source/main.cpp
Examining data/blahtexml-0.9/Source/mainPng.cpp

FINAL RESULTS:

data/blahtexml-0.9/Source/mainPng.cpp:97:20:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  bool result = (system(command.c_str()) == 0);
data/blahtexml-0.9/Source/UnicodeConverter.cpp:123:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(inputBuf, input.c_str(), input.size());
data/blahtexml-0.9/Source/mainPng.cpp:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[5000];
data/blahtexml-0.9/Source/md5.c:169:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(xbuf, data, 64);
data/blahtexml-0.9/Source/md5.c:343:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pms->buf + offset, p, copy);
data/blahtexml-0.9/Source/md5.c:357:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pms->buf, p, left);
data/blahtexml-0.9/Source/md5Wrapper.cpp:27:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[16];

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 14629 in approximately 0.42 seconds (34792 lines/second)
Physical Source Lines of Code (SLOC) = 10892
Hits@level = [0]   0 [1]   0 [2]   6 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]   7 [1+]   7 [2+]   7 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 0.642674 [1+] 0.642674 [2+] 0.642674 [3+] 0.0918105 [4+] 0.0918105 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.