Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cellwriter-1.3.6/config.h
Examining data/cellwriter-1.3.6/src/averages.c
Examining data/cellwriter-1.3.6/src/cellwidget.c
Examining data/cellwriter-1.3.6/src/common.h
Examining data/cellwriter-1.3.6/src/keyevent.c
Examining data/cellwriter-1.3.6/src/keys.h
Examining data/cellwriter-1.3.6/src/keywidget.c
Examining data/cellwriter-1.3.6/src/libegg/eggtrayicon.c
Examining data/cellwriter-1.3.6/src/libegg/eggtrayicon.h
Examining data/cellwriter-1.3.6/src/main.c
Examining data/cellwriter-1.3.6/src/preprocess.c
Examining data/cellwriter-1.3.6/src/recognize.h
Examining data/cellwriter-1.3.6/src/singleinstance.c
Examining data/cellwriter-1.3.6/src/statusicon.c
Examining data/cellwriter-1.3.6/src/stroke.c
Examining data/cellwriter-1.3.6/src/window.c
Examining data/cellwriter-1.3.6/src/wordfreq.c
Examining data/cellwriter-1.3.6/src/options.c
Examining data/cellwriter-1.3.6/src/recognize.c
Examining data/cellwriter-1.3.6/test/test.c

FINAL RESULTS:

data/cellwriter-1.3.6/src/main.c:756:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(file, format, va);
data/cellwriter-1.3.6/src/main.c:822:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        vsnprintf(buf, sizeof(buf), format, va);
data/cellwriter-1.3.6/src/main.c:285:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        path = g_build_filename(g_get_home_dir(), "." PACKAGE, NULL);
data/cellwriter-1.3.6/src/main.c:315:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        path = g_build_filename(g_get_home_dir(), "." PACKAGE,
data/cellwriter-1.3.6/src/main.c:324:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        path = g_build_filename(g_get_home_dir(), "." PACKAGE,
data/cellwriter-1.3.6/src/main.c:429:41:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
                path = g_build_filename(g_get_home_dir(),
data/cellwriter-1.3.6/src/singleinstance.c:77:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        path = g_build_filename(g_get_home_dir(), "." PACKAGE, "fifo", NULL);
data/cellwriter-1.3.6/src/wordfreq.c:69:33:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        path = g_build_filename(g_get_home_dir(), "." PACKAGE, "wordfreq",
data/cellwriter-1.3.6/test/test.c:137:39:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        g_print("        Home: %s\n", g_get_home_dir());
data/cellwriter-1.3.6/test/test.c:141:39:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        g_print("         Tmp: %s\n", g_get_tmp_dir());
data/cellwriter-1.3.6/test/test.c:151:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand(time(NULL));
data/cellwriter-1.3.6/src/cellwidget.c:62:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char flags, alt_ratings[ALTERNATES];
data/cellwriter-1.3.6/src/cellwidget.c:352:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char string[6] = { 0, 0, 0, 0, 0, 0 };
data/cellwriter-1.3.6/src/cellwidget.c:1704:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char buf[64];
data/cellwriter-1.3.6/src/keyevent.c:58:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char usable[256], pressed[256];
data/cellwriter-1.3.6/src/keyevent.c:203:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char keys[32];
data/cellwriter-1.3.6/src/libegg/eggtrayicon.c:437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256];
data/cellwriter-1.3.6/src/libegg/eggtrayicon.c:555:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (&ev.data, message, 20);
data/cellwriter-1.3.6/src/libegg/eggtrayicon.c:561:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (&ev.data, message, len);
data/cellwriter-1.3.6/src/main.c:63:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[2][16000];
data/cellwriter-1.3.6/src/main.c:246:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char profile_buf[4096], *profile_end = NULL, profile_swap,
data/cellwriter-1.3.6/src/main.c:572:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative numbers;
  consider saving to an unsigned value if that is intended).
                        n = atoi(s);
data/cellwriter-1.3.6/src/main.c:600:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative numbers;
  consider saving to an unsigned value if that is intended).
        version = atoi(profile_read());
data/cellwriter-1.3.6/src/main.c:816:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[256];
data/cellwriter-1.3.6/src/main.c:863:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                log_file = fopen(log_filename, "w");
data/cellwriter-1.3.6/src/recognize.c:663:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative numbers;
  consider saving to an unsigned value if that is intended).
        sample.ch = atoi(profile_read());
data/cellwriter-1.3.6/src/recognize.c:668:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative numbers;
  consider saving to an unsigned value if that is intended).
        sample.used = atoi(profile_read());
data/cellwriter-1.3.6/src/recognize.c:705:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative numbers;
  consider saving to an unsigned value if that is intended).
                x = atoi(str);
data/cellwriter-1.3.6/src/recognize.c:706:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative numbers;
  consider saving to an unsigned value if that is intended).
                y = atoi(profile_read());
data/cellwriter-1.3.6/src/recognize.h:49:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char processed,
data/cellwriter-1.3.6/src/recognize.h:143:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char valid, order[STROKES_MAX], reverse[STROKES_MAX],
data/cellwriter-1.3.6/src/singleinstance.c:52:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[2];
data/cellwriter-1.3.6/src/singleinstance.c:82:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fifo = open(path, O_WRONLY | O_NONBLOCK)) > 0) {
data/cellwriter-1.3.6/src/singleinstance.c:104:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fifo = open(path, O_RDWR | O_NONBLOCK)) == -1) {
data/cellwriter-1.3.6/src/stroke.c:147:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(stroke, src, STROKE_SIZE(src->size));
data/cellwriter-1.3.6/src/stroke.c:149:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(stroke, src, sizeof (Stroke));
data/cellwriter-1.3.6/src/stroke.c:216:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(a->points + a->len, b->points, b->len * sizeof (Point));
data/cellwriter-1.3.6/src/wordfreq.c:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char string[24];
data/cellwriter-1.3.6/src/wordfreq.c:62:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64], *path;
data/cellwriter-1.3.6/src/wordfreq.c:122:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(wordfreqs[i].string, buf, len);
data/cellwriter-1.3.6/src/wordfreq.c:129:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative numbers;
  consider saving to an unsigned value if that is intended).
                wordfreqs_count += wordfreqs[i].count = log(atoi(pbuf));
data/cellwriter-1.3.6/src/libegg/eggtrayicon.c:527:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (message);
data/cellwriter-1.3.6/src/main.c:554:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        g_io_channel_write_chars(channel, str, strlen(str), &bytes_written,
data/cellwriter-1.3.6/src/wordfreq.c:148:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pre_len = strlen(pre);
data/cellwriter-1.3.6/src/wordfreq.c:150:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        post_len = strlen(post);

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 10245 in approximately 0.26 seconds (39622 lines/second)
Physical Source Lines of Code (SLOC) = 7307
Hits@level = [0]   0 [1]   4 [2]  30 [3]   9 [4]   2 [5]   0
Hits@level+ = [0+]  45 [1+]  45 [2+]  41 [3+]  11 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 6.15848 [1+] 6.15848 [2+] 5.61106 [3+] 1.50541 [4+] 0.27371 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.