Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/coco-cpp-20120102/Scanner.h
Examining data/coco-cpp-20120102/Scanner.cpp
Examining data/coco-cpp-20120102/Parser.h
Examining data/coco-cpp-20120102/Parser.cpp
Examining data/coco-cpp-20120102/Coco.cpp
Examining data/coco-cpp-20120102/Tab.cpp
Examining data/coco-cpp-20120102/ParserGen.h
Examining data/coco-cpp-20120102/ParserGen.cpp
Examining data/coco-cpp-20120102/DFA.cpp
Examining data/coco-cpp-20120102/BitArray.cpp
Examining data/coco-cpp-20120102/BitArray.h
Examining data/coco-cpp-20120102/Melted.cpp
Examining data/coco-cpp-20120102/Target.h
Examining data/coco-cpp-20120102/Target.cpp
Examining data/coco-cpp-20120102/Tab.h
Examining data/coco-cpp-20120102/Symbol.h
Examining data/coco-cpp-20120102/CharClass.cpp
Examining data/coco-cpp-20120102/ArrayList.h
Examining data/coco-cpp-20120102/ArrayList.cpp
Examining data/coco-cpp-20120102/Action.h
Examining data/coco-cpp-20120102/Action.cpp
Examining data/coco-cpp-20120102/Symbol.cpp
Examining data/coco-cpp-20120102/StringBuilder.h
Examining data/coco-cpp-20120102/StringBuilder.cpp
Examining data/coco-cpp-20120102/State.h
Examining data/coco-cpp-20120102/State.cpp
Examining data/coco-cpp-20120102/SortedList.h
Examining data/coco-cpp-20120102/SortedList.cpp
Examining data/coco-cpp-20120102/Sets.h
Examining data/coco-cpp-20120102/Position.h
Examining data/coco-cpp-20120102/Position.cpp
Examining data/coco-cpp-20120102/Node.h
Examining data/coco-cpp-20120102/Node.cpp
Examining data/coco-cpp-20120102/Melted.h
Examining data/coco-cpp-20120102/HashTable.h
Examining data/coco-cpp-20120102/HashTable.cpp
Examining data/coco-cpp-20120102/Graph.h
Examining data/coco-cpp-20120102/Generator.h
Examining data/coco-cpp-20120102/Generator.cpp
Examining data/coco-cpp-20120102/DFA.h
Examining data/coco-cpp-20120102/Comment.h
Examining data/coco-cpp-20120102/Comment.cpp
Examining data/coco-cpp-20120102/CharSet.h
Examining data/coco-cpp-20120102/CharSet.cpp
Examining data/coco-cpp-20120102/CharClass.h

FINAL RESULTS:

data/coco-cpp-20120102/DFA.cpp:618:6:  [4] (format) fwprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fwprintf(gen, (c >= 32 && c <= 127) ? L"%lc" : L"\\x%04x", c);
data/coco-cpp-20120102/Scanner.cpp:120:15:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
  if (data1) { wcscpy(data, data1); }
data/coco-cpp-20120102/Scanner.cpp:121:15:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
  if (data2) { wcscpy(data + data1Len, data2); }
data/coco-cpp-20120102/Scanner.h:53:23:  [4] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  #define coco_swprintf swprintf
data/coco-cpp-20120102/StringBuilder.cpp:49:2:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
  wcscpy(data, val);
data/coco-cpp-20120102/StringBuilder.cpp:78:3:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
  wcscpy(data + length, value);
data/coco-cpp-20120102/Tab.cpp:456:3:  [4] (format) fwprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fwprintf(trace, format);
data/coco-cpp-20120102/BitArray.cpp:48:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Data, copy.Data, (copy.Count+7)>>3);
data/coco-cpp-20120102/BitArray.cpp:118:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBitArray->Data, Data, (Count+7)>>3);
data/coco-cpp-20120102/BitArray.cpp:151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Data, right.Data, (Count+7)>>3);
data/coco-cpp-20120102/Coco.cpp:99:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((parser->trace = fopen(chTrFileName, "w")) == NULL) {
data/coco-cpp-20120102/Coco.cpp:122:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  parser->trace = fopen(chTrFileName, "r");
data/coco-cpp-20120102/DFA.cpp:274:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t format[200];
data/coco-cpp-20120102/Generator.cpp:47:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fram = fopen(chFrameFile, "r");
data/coco-cpp-20120102/Generator.cpp:54:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fram = fopen(chFrameFile, "r");
data/coco-cpp-20120102/Generator.cpp:71:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((gen = fopen(chFn, "r")) != NULL) {
data/coco-cpp-20120102/Generator.cpp:79:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((gen = fopen(chFn, "w")) == NULL) {
data/coco-cpp-20120102/Generator.cpp:97:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  file = fopen(chCopyFr, "r");
data/coco-cpp-20120102/Generator.cpp:104:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  file = fopen(chCopyFr, "r");
data/coco-cpp-20120102/Parser.cpp:895:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t format[20];
data/coco-cpp-20120102/ParserGen.cpp:122:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t format[formatLen];
data/coco-cpp-20120102/Scanner.cpp:268:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(this->buf, buf, len*sizeof(unsigned char));
data/coco-cpp-20120102/Scanner.cpp:366:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBuf, buf, bufLen*sizeof(unsigned char));
data/coco-cpp-20120102/Scanner.cpp:423:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((stream = fopen(chFileName, "rb")) == NULL) {
data/coco-cpp-20120102/Scanner.cpp:547:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBuf, tval, tlen*sizeof(wchar_t));
data/coco-cpp-20120102/StringBuilder.cpp:66:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nData, data, oldCap * sizeof(int));
data/coco-cpp-20120102/ParserGen.cpp:244:36:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  } else if (p2->down == NULL && equal) { fwprintf(gen, L"} else {\n");
data/coco-cpp-20120102/ParserGen.cpp:256:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (equal) {
data/coco-cpp-20120102/Scanner.cpp:50:14:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  valueLen = wcslen(value);
data/coco-cpp-20120102/Scanner.cpp:63:2:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy(data, &(value[startIndex]), len);
data/coco-cpp-20120102/Scanner.cpp:73:24:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (data) { dataLen = wcslen(data); }
data/coco-cpp-20120102/Scanner.cpp:90:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int dataLen = wcslen(data);
data/coco-cpp-20120102/Scanner.cpp:115:26:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (data1) { data1Len = wcslen(data1); }
data/coco-cpp-20120102/Scanner.cpp:116:25:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (data2) {data2Len = wcslen(data2); }
data/coco-cpp-20120102/Scanner.cpp:131:2:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy(data, target, targetLen);
data/coco-cpp-20120102/Scanner.cpp:143:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (data) { return wcslen(data); }
data/coco-cpp-20120102/Scanner.cpp:148:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int dataLen = wcslen(data);
data/coco-cpp-20120102/Scanner.cpp:149:15:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int endLen = wcslen(end);
data/coco-cpp-20120102/Scanner.cpp:197:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (value) { len = strlen(value); }
data/coco-cpp-20120102/Scanner.cpp:372:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read > 0) {
data/coco-cpp-20120102/Scanner.cpp:373:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  fileLen = bufLen = (bufLen + read);
data/coco-cpp-20120102/Scanner.cpp:374:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read;
data/coco-cpp-20120102/Scanner.cpp:648:2:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy(t->val, tval, tlen);
data/coco-cpp-20120102/StringBuilder.cpp:47:22:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  capacity = length = wcslen(val);
data/coco-cpp-20120102/StringBuilder.cpp:77:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (length + (int)wcslen(value) < capacity) {
data/coco-cpp-20120102/StringBuilder.cpp:79:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += wcslen(value);

ANALYSIS SUMMARY:

Hits = 46
Lines analyzed = 7955 in approximately 0.33 seconds (24472 lines/second)
Physical Source Lines of Code (SLOC) = 5544
Hits@level = [0] 312 [1]  20 [2]  19 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+] 358 [1+]  46 [2+]  26 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 64.5743 [1+] 8.29726 [2+] 4.68975 [3+] 1.26263 [4+] 1.26263 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
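Triage notes and an added example (this block is not Coco/R code and is not part of the Flawfinder report above). Flawfinder matches on function names, so several of the hits are noise on inspection: the two `equal` hits in ParserGen.cpp are a bool variable used in an `if`, not `std::equal`, and the CWE-134 hit at DFA.cpp:618 selects between two string literals, so the format cannot be influenced by input. The ones worth a human look are the level-4 `wcscpy` copies (whether the destination is always sized from the measured lengths) and `fwprintf(trace, format)` at Tab.cpp:456, where a non-constant format reaches a printf-family function. The two functions below, with hypothetical names `bounded_append` and `trace_literal`, show the hardened shape of those two patterns: append with an explicit capacity that refuses instead of overflowing, and pass caller text as an argument to a constant `L"%ls"` format so `%n` and friends are printed rather than interpreted.

```cpp
// Added illustration (not Coco/R code): hardened forms of the two level-4
// patterns Flawfinder reports above, using only <cwchar>.
#include <cstddef>
#include <cwchar>

// Length of a wide string without scanning past `cap` elements.
// (Hand-rolled so the example does not depend on the POSIX wcsnlen.)
static size_t wlen_bounded(const wchar_t* s, size_t cap) {
    size_t n = 0;
    while (n < cap && s[n] != L'\0') ++n;
    return n;
}

// Replacement for the `wcscpy(data + length, value)` pattern: append `src`
// to a caller-owned buffer of `cap` wide chars, refusing (and leaving the
// buffer untouched) when the result plus its terminator would not fit.
bool bounded_append(wchar_t* dst, size_t cap, const wchar_t* src) {
    if (dst == nullptr || src == nullptr || cap == 0) return false;
    size_t used = wlen_bounded(dst, cap);
    if (used == cap) return false;            // dst not terminated within cap
    size_t need = std::wcslen(src);
    if (need >= cap - used) return false;     // no room for src plus L'\0'
    std::wmemcpy(dst + used, src, need + 1);  // copies the terminator too
    return true;
}

// Replacement for the `fwprintf(trace, format)` pattern (CWE-134): the
// caller-supplied text becomes an argument of a constant format, so any
// conversion specifiers inside it are emitted literally, never interpreted.
// Returns the number of wide chars written, or a negative value when `cap`
// is too small for the text and its terminator.
int trace_literal(wchar_t* out, size_t cap, const wchar_t* text) {
    if (out == nullptr || text == nullptr || cap == 0) return -1;
    return std::swprintf(out, cap, L"%ls", text);
}

int main() {
    wchar_t line[16] = L"Sym ";
    bounded_append(line, 16, L"ident");                 // fits: "Sym ident"
    bounded_append(line, 16, L" overflows-rejected");  // refused, line intact
    wchar_t out[32];
    trace_literal(out, 32, L"50%% done, %n");           // written verbatim
    return 0;
}
```

The point of `bounded_append` is not the length arithmetic itself but that the capacity is a parameter the caller must state, which is exactly what `wcscpy` lacks and what makes the level-4 hits unreviewable without reading every call site. `trace_literal` keeps the same output as the flagged `fwprintf(trace, format)` for ordinary text while removing the format-string channel entirely.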