Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/coco-cpp-20120102/Scanner.h
Examining data/coco-cpp-20120102/Scanner.cpp
Examining data/coco-cpp-20120102/Parser.h
Examining data/coco-cpp-20120102/Parser.cpp
Examining data/coco-cpp-20120102/Coco.cpp
Examining data/coco-cpp-20120102/Tab.cpp
Examining data/coco-cpp-20120102/ParserGen.h
Examining data/coco-cpp-20120102/ParserGen.cpp
Examining data/coco-cpp-20120102/DFA.cpp
Examining data/coco-cpp-20120102/BitArray.cpp
Examining data/coco-cpp-20120102/BitArray.h
Examining data/coco-cpp-20120102/Melted.cpp
Examining data/coco-cpp-20120102/Target.h
Examining data/coco-cpp-20120102/Target.cpp
Examining data/coco-cpp-20120102/Tab.h
Examining data/coco-cpp-20120102/Symbol.h
Examining data/coco-cpp-20120102/CharClass.cpp
Examining data/coco-cpp-20120102/ArrayList.h
Examining data/coco-cpp-20120102/ArrayList.cpp
Examining data/coco-cpp-20120102/Action.h
Examining data/coco-cpp-20120102/Action.cpp
Examining data/coco-cpp-20120102/Symbol.cpp
Examining data/coco-cpp-20120102/StringBuilder.h
Examining data/coco-cpp-20120102/StringBuilder.cpp
Examining data/coco-cpp-20120102/State.h
Examining data/coco-cpp-20120102/State.cpp
Examining data/coco-cpp-20120102/SortedList.h
Examining data/coco-cpp-20120102/SortedList.cpp
Examining data/coco-cpp-20120102/Sets.h
Examining data/coco-cpp-20120102/Position.h
Examining data/coco-cpp-20120102/Position.cpp
Examining data/coco-cpp-20120102/Node.h
Examining data/coco-cpp-20120102/Node.cpp
Examining data/coco-cpp-20120102/Melted.h
Examining data/coco-cpp-20120102/HashTable.h
Examining data/coco-cpp-20120102/HashTable.cpp
Examining data/coco-cpp-20120102/Graph.h
Examining data/coco-cpp-20120102/Generator.h
Examining data/coco-cpp-20120102/Generator.cpp
Examining data/coco-cpp-20120102/DFA.h
Examining data/coco-cpp-20120102/Comment.h
Examining data/coco-cpp-20120102/Comment.cpp
Examining data/coco-cpp-20120102/CharSet.h
Examining data/coco-cpp-20120102/CharSet.cpp
Examining data/coco-cpp-20120102/CharClass.h
FINAL RESULTS:
data/coco-cpp-20120102/DFA.cpp:618:6: [4] (format) fwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fwprintf(gen, (c >= 32 && c <= 127) ? L"%lc" : L"\\x%04x", c);
data/coco-cpp-20120102/Scanner.cpp:120:15: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
if (data1) { wcscpy(data, data1); }
data/coco-cpp-20120102/Scanner.cpp:121:15: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
if (data2) { wcscpy(data + data1Len, data2); }
data/coco-cpp-20120102/Scanner.h:53:23: [4] (buffer) swprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define coco_swprintf swprintf
data/coco-cpp-20120102/StringBuilder.cpp:49:2: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(data, val);
data/coco-cpp-20120102/StringBuilder.cpp:78:3: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(data + length, value);
data/coco-cpp-20120102/Tab.cpp:456:3: [4] (format) fwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fwprintf(trace, format);
data/coco-cpp-20120102/BitArray.cpp:48:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Data, copy.Data, (copy.Count+7)>>3);
data/coco-cpp-20120102/BitArray.cpp:118:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBitArray->Data, Data, (Count+7)>>3);
data/coco-cpp-20120102/BitArray.cpp:151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Data, right.Data, (Count+7)>>3);
data/coco-cpp-20120102/Coco.cpp:99:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((parser->trace = fopen(chTrFileName, "w")) == NULL) {
data/coco-cpp-20120102/Coco.cpp:122:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
parser->trace = fopen(chTrFileName, "r");
data/coco-cpp-20120102/DFA.cpp:274:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t format[200];
data/coco-cpp-20120102/Generator.cpp:47:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fram = fopen(chFrameFile, "r");
data/coco-cpp-20120102/Generator.cpp:54:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fram = fopen(chFrameFile, "r");
data/coco-cpp-20120102/Generator.cpp:71:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((gen = fopen(chFn, "r")) != NULL) {
data/coco-cpp-20120102/Generator.cpp:79:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((gen = fopen(chFn, "w")) == NULL) {
data/coco-cpp-20120102/Generator.cpp:97:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(chCopyFr, "r");
data/coco-cpp-20120102/Generator.cpp:104:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(chCopyFr, "r");
data/coco-cpp-20120102/Parser.cpp:895:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t format[20];
data/coco-cpp-20120102/ParserGen.cpp:122:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t format[formatLen];
data/coco-cpp-20120102/Scanner.cpp:268:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->buf, buf, len*sizeof(unsigned char));
data/coco-cpp-20120102/Scanner.cpp:366:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuf, buf, bufLen*sizeof(unsigned char));
data/coco-cpp-20120102/Scanner.cpp:423:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((stream = fopen(chFileName, "rb")) == NULL) {
data/coco-cpp-20120102/Scanner.cpp:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuf, tval, tlen*sizeof(wchar_t));
data/coco-cpp-20120102/StringBuilder.cpp:66:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nData, data, oldCap * sizeof(int));
data/coco-cpp-20120102/ParserGen.cpp:244:36: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
} else if (p2->down == NULL && equal) { fwprintf(gen, L"} else {\n");
data/coco-cpp-20120102/ParserGen.cpp:256:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/coco-cpp-20120102/Scanner.cpp:50:14: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valueLen = wcslen(value);
data/coco-cpp-20120102/Scanner.cpp:63:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(data, &(value[startIndex]), len);
data/coco-cpp-20120102/Scanner.cpp:73:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (data) { dataLen = wcslen(data); }
data/coco-cpp-20120102/Scanner.cpp:90:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dataLen = wcslen(data);
data/coco-cpp-20120102/Scanner.cpp:115:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (data1) { data1Len = wcslen(data1); }
data/coco-cpp-20120102/Scanner.cpp:116:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (data2) {data2Len = wcslen(data2); }
data/coco-cpp-20120102/Scanner.cpp:131:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(data, target, targetLen);
data/coco-cpp-20120102/Scanner.cpp:143:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (data) { return wcslen(data); }
data/coco-cpp-20120102/Scanner.cpp:148:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dataLen = wcslen(data);
data/coco-cpp-20120102/Scanner.cpp:149:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int endLen = wcslen(end);
data/coco-cpp-20120102/Scanner.cpp:197:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (value) { len = strlen(value); }
data/coco-cpp-20120102/Scanner.cpp:372:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read > 0) {
data/coco-cpp-20120102/Scanner.cpp:373:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fileLen = bufLen = (bufLen + read);
data/coco-cpp-20120102/Scanner.cpp:374:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/coco-cpp-20120102/Scanner.cpp:648:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(t->val, tval, tlen);
data/coco-cpp-20120102/StringBuilder.cpp:47:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
capacity = length = wcslen(val);
data/coco-cpp-20120102/StringBuilder.cpp:77:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (length + (int)wcslen(value) < capacity) {
data/coco-cpp-20120102/StringBuilder.cpp:79:13: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += wcslen(value);
ANALYSIS SUMMARY:
Hits = 46
Lines analyzed = 7955 in approximately 0.33 seconds (24472 lines/second)
Physical Source Lines of Code (SLOC) = 5544
Hits@level = [0] 312 [1] 20 [2] 19 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 358 [1+] 46 [2+] 26 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 64.5743 [1+] 8.29726 [2+] 4.68975 [3+] 1.26263 [4+] 1.26263 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.