Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cmark-0.29.0/api_test/cplusplus.cpp
Examining data/cmark-0.29.0/api_test/cplusplus.h
Examining data/cmark-0.29.0/api_test/harness.c
Examining data/cmark-0.29.0/api_test/harness.h
Examining data/cmark-0.29.0/api_test/main.c
Examining data/cmark-0.29.0/src/blocks.c
Examining data/cmark-0.29.0/src/buffer.c
Examining data/cmark-0.29.0/src/buffer.h
Examining data/cmark-0.29.0/src/chunk.h
Examining data/cmark-0.29.0/src/cmark.c
Examining data/cmark-0.29.0/src/cmark.h
Examining data/cmark-0.29.0/src/cmark_ctype.c
Examining data/cmark-0.29.0/src/cmark_ctype.h
Examining data/cmark-0.29.0/src/commonmark.c
Examining data/cmark-0.29.0/src/houdini.h
Examining data/cmark-0.29.0/src/houdini_href_e.c
Examining data/cmark-0.29.0/src/houdini_html_e.c
Examining data/cmark-0.29.0/src/houdini_html_u.c
Examining data/cmark-0.29.0/src/html.c
Examining data/cmark-0.29.0/src/inlines.c
Examining data/cmark-0.29.0/src/inlines.h
Examining data/cmark-0.29.0/src/iterator.c
Examining data/cmark-0.29.0/src/iterator.h
Examining data/cmark-0.29.0/src/latex.c
Examining data/cmark-0.29.0/src/main.c
Examining data/cmark-0.29.0/src/man.c
Examining data/cmark-0.29.0/src/node.c
Examining data/cmark-0.29.0/src/node.h
Examining data/cmark-0.29.0/src/parser.h
Examining data/cmark-0.29.0/src/references.c
Examining data/cmark-0.29.0/src/references.h
Examining data/cmark-0.29.0/src/render.c
Examining data/cmark-0.29.0/src/render.h
Examining data/cmark-0.29.0/src/scanners.c
Examining data/cmark-0.29.0/src/scanners.h
Examining data/cmark-0.29.0/src/utf8.c
Examining data/cmark-0.29.0/src/utf8.h
Examining data/cmark-0.29.0/src/xml.c
Examining data/cmark-0.29.0/test/cmark-fuzz.c
FINAL RESULTS:
data/cmark-0.29.0/api_test/harness.c:20:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/cmark-0.29.0/api_test/main.c:753:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "((((%s))))", utf8);
data/cmark-0.29.0/api_test/main.c:757:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(expected, "<p>((((%s))))</p>\n", utf8);
data/cmark-0.29.0/api_test/main.c:767:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "----%s", utf8);
data/cmark-0.29.0/api_test/main.c:777:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "((((%s))))", utf8);
data/cmark-0.29.0/api_test/main.c:783:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(expected, UTF8_REPL);
data/cmark-0.29.0/api_test/main.c:752:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/cmark-0.29.0/api_test/main.c:756:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[30];
data/cmark-0.29.0/api_test/main.c:766:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/cmark-0.29.0/api_test/main.c:776:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/cmark-0.29.0/api_test/main.c:780:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[50];
data/cmark-0.29.0/api_test/main.c:781:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(expected, "<p>((((" UTF8_REPL "\x20");
data/cmark-0.29.0/api_test/main.c:785:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(expected, "))))</p>\n");
data/cmark-0.29.0/src/blocks.c:515:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4096];
data/cmark-0.29.0/src/blocks.c:1060:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((*container)->as.list), data, sizeof(*data));
data/cmark-0.29.0/src/blocks.c:1067:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((*container)->as.list), data, sizeof(*data));
data/cmark-0.29.0/src/buffer.c:17:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmark_strbuf__initbuf[1];
data/cmark-0.29.0/src/chunk.h:70:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, c->data, c->len);
data/cmark-0.29.0/src/chunk.h:90:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->data, str, c->len + 1);
data/cmark-0.29.0/src/commonmark.c:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encoded[ENCODED_SIZE];
data/cmark-0.29.0/src/commonmark.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fencechar[2] = {'\0', '\0'};
data/cmark-0.29.0/src/commonmark.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listmarker[LISTMARKER_SIZE];
data/cmark-0.29.0/src/houdini_html_u.c:16:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncmp((const char *)s, (const char *)cmark_entities[i].entity, len);
data/cmark-0.29.0/src/houdini_html_u.c:16:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncmp((const char *)s, (const char *)cmark_entities[i].entity, len);
data/cmark-0.29.0/src/houdini_html_u.c:18:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (const unsigned char *)cmark_entities[i].bytes;
data/cmark-0.29.0/src/html.c:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/cmark-0.29.0/src/html.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/cmark-0.29.0/src/inlines.c:128:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c.data, src->data, len);
data/cmark-0.29.0/src/latex.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_number_string[LIST_NUMBER_STRING_SIZE];
data/cmark-0.29.0/src/main.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/cmark-0.29.0/src/main.c:166:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(argv[files[i]], "rb");
data/cmark-0.29.0/src/man.c:115:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_number_s[LIST_NUMBER_SIZE];
data/cmark-0.29.0/src/xml.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/cmark-0.29.0/api_test/main.c:773:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(utf8);
data/cmark-0.29.0/api_test/main.c:788:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmark_markdown_to_html(buf, strlen(buf), CMARK_OPT_VALIDATE_UTF8);
data/cmark-0.29.0/api_test/main.c:874:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *html = cmark_markdown_to_html(markdown, strlen(markdown),
data/cmark-0.29.0/src/buffer.c:98:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string ? strlen(string) : 0);
data/cmark-0.29.0/src/buffer.c:119:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmark_strbuf_put(buf, (const unsigned char *)string, strlen(string));
data/cmark-0.29.0/src/chunk.h:87:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->len = (bufsize_t)strlen(str);
data/cmark-0.29.0/src/chunk.h:98:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsize_t len = data ? (bufsize_t)strlen(data) : 0;
data/cmark-0.29.0/src/commonmark.c:63:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
renderer->column += strlen(encoded);
data/cmark-0.29.0/src/commonmark.c:74:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:95:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:244:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
marker_width = strlen(listmarker);
data/cmark-0.29.0/src/commonmark.c:286:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info_len = strlen(info);
data/cmark-0.29.0/src/commonmark.c:289:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:372:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:445:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) > 0) {
data/cmark-0.29.0/src/commonmark.c:462:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) > 0) {
data/cmark-0.29.0/src/latex.c:170:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_len = strlen(url);
data/cmark-0.29.0/src/latex.c:176:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
title_len = strlen(title);
data/cmark-0.29.0/src/main.c:126:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (unparsed && strlen(unparsed) > 0) {
data/cmark-0.29.0/src/render.c:23:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(source);
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 23191 in approximately 0.46 seconds (50029 lines/second)
Physical Source Lines of Code (SLOC) = 20992
Hits@level = [0] 48 [1] 20 [2] 27 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 101 [1+] 53 [2+] 33 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 4.81136 [1+] 2.52477 [2+] 1.57203 [3+] 0.285823 [4+] 0.285823 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.