Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chipmunk-7.0.3/demo/Bench.c
Examining data/chipmunk-7.0.3/demo/Buoyancy.c
Examining data/chipmunk-7.0.3/demo/Chains.c
Examining data/chipmunk-7.0.3/demo/ChipmunkDebugDraw.c
Examining data/chipmunk-7.0.3/demo/ChipmunkDebugDraw.h
Examining data/chipmunk-7.0.3/demo/ChipmunkDemo.c
Examining data/chipmunk-7.0.3/demo/ChipmunkDemo.h
Examining data/chipmunk-7.0.3/demo/ChipmunkDemoTextSupport.c
Examining data/chipmunk-7.0.3/demo/ChipmunkDemoTextSupport.h
Examining data/chipmunk-7.0.3/demo/ContactGraph.c
Examining data/chipmunk-7.0.3/demo/Convex.c
Examining data/chipmunk-7.0.3/demo/Crane.c
Examining data/chipmunk-7.0.3/demo/Joints.c
Examining data/chipmunk-7.0.3/demo/LogoSmash.c
Examining data/chipmunk-7.0.3/demo/OneWay.c
Examining data/chipmunk-7.0.3/demo/Planet.c
Examining data/chipmunk-7.0.3/demo/Player.c
Examining data/chipmunk-7.0.3/demo/Plink.c
Examining data/chipmunk-7.0.3/demo/Pump.c
Examining data/chipmunk-7.0.3/demo/PyramidStack.c
Examining data/chipmunk-7.0.3/demo/PyramidTopple.c
Examining data/chipmunk-7.0.3/demo/Query.c
Examining data/chipmunk-7.0.3/demo/Shatter.c
Examining data/chipmunk-7.0.3/demo/Slice.c
Examining data/chipmunk-7.0.3/demo/Springies.c
Examining data/chipmunk-7.0.3/demo/Sticky.c
Examining data/chipmunk-7.0.3/demo/Tank.c
Examining data/chipmunk-7.0.3/demo/TheoJansen.c
Examining data/chipmunk-7.0.3/demo/Tumble.c
Examining data/chipmunk-7.0.3/demo/Unicycle.c
Examining data/chipmunk-7.0.3/demo/VeraMoBI.ttf_sdf.h
Examining data/chipmunk-7.0.3/demo/VeraMoBd.ttf_sdf.h
Examining data/chipmunk-7.0.3/demo/sokol/sokol.c
Examining data/chipmunk-7.0.3/demo/sokol/sokol.h
Examining data/chipmunk-7.0.3/demo/sokol/sokol_app.h
Examining data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h
Examining data/chipmunk-7.0.3/demo/sokol/sokol_time.h
Examining data/chipmunk-7.0.3/include/chipmunk/chipmunk.h
Examining data/chipmunk-7.0.3/include/chipmunk/chipmunk_ffi.h
Examining data/chipmunk-7.0.3/include/chipmunk/chipmunk_private.h
Examining data/chipmunk-7.0.3/include/chipmunk/chipmunk_structs.h
Examining data/chipmunk-7.0.3/include/chipmunk/chipmunk_types.h
Examining data/chipmunk-7.0.3/include/chipmunk/chipmunk_unsafe.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpArbiter.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpBB.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpBody.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpConstraint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpDampedRotarySpring.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpDampedSpring.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpGearJoint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpGrooveJoint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpHastySpace.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpMarch.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpPinJoint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpPivotJoint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpPolyShape.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpPolyline.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpRatchetJoint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpRobust.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpRotaryLimitJoint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpShape.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpSimpleMotor.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpSlideJoint.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpSpace.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpSpatialIndex.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpTransform.h
Examining data/chipmunk-7.0.3/include/chipmunk/cpVect.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkAutoGeometry.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkBody.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkConstraint.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkImageSampler.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkMultiGrab.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkPointCloudSampler.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkShape.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkSpace.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ChipmunkTileCache.h
Examining data/chipmunk-7.0.3/objectivec/include/ObjectiveChipmunk/ObjectiveChipmunk.h
Examining data/chipmunk-7.0.3/src/chipmunk.c
Examining data/chipmunk-7.0.3/src/cpArbiter.c
Examining data/chipmunk-7.0.3/src/cpArray.c
Examining data/chipmunk-7.0.3/src/cpBBTree.c
Examining data/chipmunk-7.0.3/src/cpBody.c
Examining data/chipmunk-7.0.3/src/cpCollision.c
Examining data/chipmunk-7.0.3/src/cpConstraint.c
Examining data/chipmunk-7.0.3/src/cpDampedRotarySpring.c
Examining data/chipmunk-7.0.3/src/cpDampedSpring.c
Examining data/chipmunk-7.0.3/src/cpGearJoint.c
Examining data/chipmunk-7.0.3/src/cpGrooveJoint.c
Examining data/chipmunk-7.0.3/src/cpHashSet.c
Examining data/chipmunk-7.0.3/src/cpMarch.c
Examining data/chipmunk-7.0.3/src/cpPinJoint.c
Examining data/chipmunk-7.0.3/src/cpPivotJoint.c
Examining data/chipmunk-7.0.3/src/cpPolyShape.c
Examining data/chipmunk-7.0.3/src/cpPolyline.c
Examining data/chipmunk-7.0.3/src/cpRatchetJoint.c
Examining data/chipmunk-7.0.3/src/cpRobust.c
Examining data/chipmunk-7.0.3/src/cpRotaryLimitJoint.c
Examining data/chipmunk-7.0.3/src/cpShape.c
Examining data/chipmunk-7.0.3/src/cpSimpleMotor.c
Examining data/chipmunk-7.0.3/src/cpSlideJoint.c
Examining data/chipmunk-7.0.3/src/cpSpace.c
Examining data/chipmunk-7.0.3/src/cpSpaceComponent.c
Examining data/chipmunk-7.0.3/src/cpSpaceDebug.c
Examining data/chipmunk-7.0.3/src/cpSpaceHash.c
Examining data/chipmunk-7.0.3/src/cpSpaceQuery.c
Examining data/chipmunk-7.0.3/src/cpSpaceStep.c
Examining data/chipmunk-7.0.3/src/cpSpatialIndex.c
Examining data/chipmunk-7.0.3/src/cpSweep1D.c
Examining data/chipmunk-7.0.3/src/prime.h
Examining data/chipmunk-7.0.3/src/cpHastySpace.c
FINAL RESULTS:
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:202:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "Demo(%c): %s", 'A' + demo_index, demos[demo_index].name);
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:248:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer, format,
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:274:20: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int would_write = vsnprintf(PrintStringCursor, remaining, fmt, args);
data/chipmunk-7.0.3/src/chipmunk.c:34:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, (isError ? "Aborting due to Chipmunk error: " : "Chipmunk warning: "));
data/chipmunk-7.0.3/src/chipmunk.c:42:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, message, vargs);
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:378:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(45073);
data/chipmunk-7.0.3/src/cpHastySpace.c:84:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&cv->waiters_count_lock);
data/chipmunk-7.0.3/src/cpHastySpace.c:92:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cv->waiters_count_lock);
data/chipmunk-7.0.3/src/cpHastySpace.c:105:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cv->waiters_count_lock);
data/chipmunk-7.0.3/src/cpHastySpace.c:118:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cv->waiters_count_lock);
data/chipmunk-7.0.3/src/cpHastySpace.c:131:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cv->waiters_count_lock);
data/chipmunk-7.0.3/src/cpHastySpace.c:145:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(external_mutex);
data/chipmunk-7.0.3/src/cpHastySpace.c:154:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(mutex);
data/chipmunk-7.0.3/src/cpHastySpace.c:166:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(mutex);
data/chipmunk-7.0.3/demo/Buoyancy.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char messageBuffer[1024];
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char title[1024];
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:259:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PrintStringBuffer[1024*8];
data/chipmunk-7.0.3/demo/ChipmunkDemo.c:617:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(demos, bench_list, bench_count*sizeof(ChipmunkDemo));
data/chipmunk-7.0.3/demo/Shatter.c:77:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clipped, verts, count*sizeof(cpVect));
data/chipmunk-7.0.3/demo/Shatter.c:134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ping, pong, count*sizeof(cpVect));
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:809:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window_title[_SAPP_MAX_TITLE_LENGTH]; /* UTF-8 */
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:810:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t window_title_wide[_SAPP_MAX_TITLE_LENGTH]; /* UTF-32 or UCS-2 */
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:3626:28: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
const int dst_needed = MultiByteToWideChar(CP_UTF8, 0, src, -1, 0, 0);
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:3628:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, src, -1, dst, dst_chars);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:2163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[_SG_STRING_SIZE];
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:6252:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shd->d3d11_vs_blob, vs_ptr, vs_length);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:6789:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d3d11_msr.pData, data_ptr, data_size);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:6803:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_ptr, data_ptr, data_size);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:6839:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d3d11_msr.pData, slice_ptr, slice_size);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:6846:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_ptr, src_ptr, src_pitch);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:8352:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, data, num_bytes);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:8399:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_ptr, data, data_size);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:8415:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_ptr, data, data_size);
data/chipmunk-7.0.3/src/chipmunk.c:255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, verts, count*sizeof(cpVect));
data/chipmunk-7.0.3/src/cpPolyline.c:635:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hull->verts, hullVerts, hullCount*sizeof(cpVect));
data/chipmunk-7.0.3/src/cpSpace.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, handler, sizeof(cpCollisionHandler));
data/chipmunk-7.0.3/src/cpSpace.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&space->defaultHandler, &cpCollisionHandlerDoNothing, sizeof(cpCollisionHandler));
data/chipmunk-7.0.3/src/cpSpace.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&space->defaultHandler, &cpCollisionHandlerDefault, sizeof(cpCollisionHandler));
data/chipmunk-7.0.3/src/cpSpaceComponent.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arb->contacts, contacts, numContacts*sizeof(struct cpContact));
data/chipmunk-7.0.3/src/cpSpaceComponent.c:102:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contacts, arb->contacts, bytes);
data/chipmunk-7.0.3/demo/ChipmunkDemoTextSupport.c:221:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(size_t i=0, len=strlen(str); i<len; i++){
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:3431:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* terminator = where + strlen(ext);
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:4533:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &msg, sizeof(msg)) != sizeof(msg)) {
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:5902:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* terminator = where + strlen(ext);
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:6169:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(_sapp.window_title));
data/chipmunk-7.0.3/demo/sokol/sokol_app.h:6174:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(_sapp.window_title));
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:2983:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst->buf, src, _SG_STRING_SIZE);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:6152:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(stage_desc->source), /* SrcDataSize */
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:9030:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SOKOL_VALIDATE(strlen(desc->attrs[i].name) < _SG_STRING_SIZE, _SG_VALIDATE_SHADERDESC_ATTR_STRING_TOO_LONG);
data/chipmunk-7.0.3/demo/sokol/sokol_gfx.h:9033:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SOKOL_VALIDATE(strlen(desc->attrs[i].sem_name) < _SG_STRING_SIZE, _SG_VALIDATE_SHADERDESC_ATTR_STRING_TOO_LONG);
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 41541 in approximately 1.26 seconds (32996 lines/second)
Physical Source Lines of Code (SLOC) = 29743
Hits@level = [0] 6 [1] 10 [2] 27 [3] 9 [4] 5 [5] 0
Hits@level+ = [0+] 57 [1+] 51 [2+] 41 [3+] 14 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 1.91642 [1+] 1.71469 [2+] 1.37848 [3+] 0.470699 [4+] 0.168107 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.