Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ebook-tools-0.2.2/src/libepub/linklist.h
Examining data/ebook-tools-0.2.2/src/libepub/epublib.h
Examining data/ebook-tools-0.2.2/src/libepub/epub.c
Examining data/ebook-tools-0.2.2/src/libepub/linklist.c
Examining data/ebook-tools-0.2.2/src/libepub/epub_version.h
Examining data/ebook-tools-0.2.2/src/libepub/opf.c
Examining data/ebook-tools-0.2.2/src/libepub/ocf.c
Examining data/ebook-tools-0.2.2/src/libepub/epub_shared.h
Examining data/ebook-tools-0.2.2/src/libepub/epub.h
Examining data/ebook-tools-0.2.2/src/libepub/list.c
Examining data/ebook-tools-0.2.2/src/tools/einfo.c
Examining data/ebook-tools-0.2.2/debian/tests/test-libepub.c

FINAL RESULTS:

data/ebook-tools-0.2.2/src/libepub/epub.c:413:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(strerr, 1024, format, ap);
data/ebook-tools-0.2.2/src/libepub/epublib.h:27:57:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define PRINTF_FORMAT(si, ftc) __attribute__ ((format (printf, si, ftc)))
data/ebook-tools-0.2.2/src/libepub/linklist.c:707:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:709:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:711:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(OutStr, GetNodeData(List->Head), GetNodeData(List->Tail));
data/ebook-tools-0.2.2/src/libepub/linklist.c:714:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:721:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(OutStr, Count, GetNodeData(List->Current));
data/ebook-tools-0.2.2/src/libepub/linklist.c:741:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:743:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:745:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:748:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(OutStr, GetNodeData(Node),
data/ebook-tools-0.2.2/src/libepub/ocf.c:224:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ocf->filename, filename);
data/ebook-tools-0.2.2/src/libepub/ocf.c:265:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullname, ocf->datapath);
data/ebook-tools-0.2.2/src/libepub/ocf.c:266:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fullname, filename);
data/ebook-tools-0.2.2/src/libepub/epub.c:409:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strerr[1025];
data/ebook-tools-0.2.2/src/libepub/epublib.h:191:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lastStr[1025];
data/ebook-tools-0.2.2/src/libepub/linklist.c:701:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char OutStr[30];
data/ebook-tools-0.2.2/src/libepub/linklist.c:706:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(OutStr, "\tHead: ");
data/ebook-tools-0.2.2/src/libepub/linklist.c:708:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(OutStr, "\tTail: ");
data/ebook-tools-0.2.2/src/libepub/linklist.c:713:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(OutStr, "Index: %d\tData: ");
data/ebook-tools-0.2.2/src/libepub/linklist.c:734:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char OutStr[30];
data/ebook-tools-0.2.2/src/libepub/linklist.c:742:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(OutStr, "\" (left=\"");
data/ebook-tools-0.2.2/src/libepub/linklist.c:744:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(OutStr, "\", right=\"");
data/ebook-tools-0.2.2/src/libepub/linklist.c:746:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(OutStr, "\")\n");
data/ebook-tools-0.2.2/src/libepub/linklist.c:784:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(String1, "Hi");
data/ebook-tools-0.2.2/src/libepub/linklist.c:785:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(String2, "Low");
data/ebook-tools-0.2.2/src/libepub/linklist.c:786:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(String3, "Up");
data/ebook-tools-0.2.2/src/libepub/linklist.c:787:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(String4, "Down");
data/ebook-tools-0.2.2/src/libepub/ocf.c:15:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ocf->mimetype, "application/epub+zip");
data/ebook-tools-0.2.2/src/libepub/ocf.c:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errStr[8192];
data/ebook-tools-0.2.2/src/libepub/opf.c:350:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atoi((char *)str);
data/ebook-tools-0.2.2/src/libepub/epub.c:36:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  epub->ocf->datapath = malloc(sizeof(char) *(strlen(opfName) +1));
data/ebook-tools-0.2.2/src/libepub/epub.c:39:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(epub->ocf->datapath, opfName, pathsep_index + 1 - opfName);
data/ebook-tools-0.2.2/src/libepub/epub.c:417:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _epub_err_set_str(&epub->error, strerr, strlen(strerr));
data/ebook-tools-0.2.2/src/libepub/epub.c:650:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(res, epub->error.lastStr, epub->error.len);
data/ebook-tools-0.2.2/src/libepub/epublib.h:204:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((_err)->lastStr, _err_string, _err_string_len); \
data/ebook-tools-0.2.2/src/libepub/linklist.c:710:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(OutStr, "\n");
data/ebook-tools-0.2.2/src/libepub/linklist.c:715:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(OutStr, "\n");
data/ebook-tools-0.2.2/src/libepub/linklist.c:740:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(OutStr, "\"");
data/ebook-tools-0.2.2/src/libepub/ocf.c:10:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ocf->mimetype = malloc(sizeof(char) * strlen("application/epub+zip")+1);
data/ebook-tools-0.2.2/src/libepub/ocf.c:35:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reader = xmlReaderForMemory(containerXml, strlen(containerXml),
data/ebook-tools-0.2.2/src/libepub/ocf.c:217:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ocf->filename = malloc(sizeof(char)*(strlen(filename)+1));
data/ebook-tools-0.2.2/src/libepub/ocf.c:258:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullname = malloc((strlen(filename)+strlen(ocf->datapath)+1)*sizeof(char));
data/ebook-tools-0.2.2/src/libepub/ocf.c:258:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullname = malloc((strlen(filename)+strlen(ocf->datapath)+1)*sizeof(char));
data/ebook-tools-0.2.2/src/libepub/opf.c:18:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reader = xmlReaderForMemory(opfStr, strlen(opfStr),
data/ebook-tools-0.2.2/src/tools/einfo.c:38:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);

ANALYSIS SUMMARY:

Hits = 46
Lines analyzed = 4195 in approximately 0.12 seconds (36002 lines/second)
Physical Source Lines of Code (SLOC) = 2953
Hits@level = [0] 114 [1] 15 [2] 17 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 160 [1+] 46 [2+] 31 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 54.1822 [1+] 15.5774 [2+] 10.4978 [3+] 4.74094 [4+] 4.74094 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.