Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ebook-tools-0.2.2/src/libepub/linklist.h
Examining data/ebook-tools-0.2.2/src/libepub/epublib.h
Examining data/ebook-tools-0.2.2/src/libepub/epub.c
Examining data/ebook-tools-0.2.2/src/libepub/linklist.c
Examining data/ebook-tools-0.2.2/src/libepub/epub_version.h
Examining data/ebook-tools-0.2.2/src/libepub/opf.c
Examining data/ebook-tools-0.2.2/src/libepub/ocf.c
Examining data/ebook-tools-0.2.2/src/libepub/epub_shared.h
Examining data/ebook-tools-0.2.2/src/libepub/epub.h
Examining data/ebook-tools-0.2.2/src/libepub/list.c
Examining data/ebook-tools-0.2.2/src/tools/einfo.c
Examining data/ebook-tools-0.2.2/debian/tests/test-libepub.c
FINAL RESULTS:
data/ebook-tools-0.2.2/src/libepub/epub.c:413:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(strerr, 1024, format, ap);
data/ebook-tools-0.2.2/src/libepub/epublib.h:27:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define PRINTF_FORMAT(si, ftc) __attribute__ ((format (printf, si, ftc)))
data/ebook-tools-0.2.2/src/libepub/linklist.c:707:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:709:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:711:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(OutStr, GetNodeData(List->Head), GetNodeData(List->Tail));
data/ebook-tools-0.2.2/src/libepub/linklist.c:714:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:721:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(OutStr, Count, GetNodeData(List->Current));
data/ebook-tools-0.2.2/src/libepub/linklist.c:741:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:743:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:745:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(OutStr, DataFmt);
data/ebook-tools-0.2.2/src/libepub/linklist.c:748:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(OutStr, GetNodeData(Node),
data/ebook-tools-0.2.2/src/libepub/ocf.c:224:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ocf->filename, filename);
data/ebook-tools-0.2.2/src/libepub/ocf.c:265:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullname, ocf->datapath);
data/ebook-tools-0.2.2/src/libepub/ocf.c:266:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullname, filename);
data/ebook-tools-0.2.2/src/libepub/epub.c:409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr[1025];
data/ebook-tools-0.2.2/src/libepub/epublib.h:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastStr[1025];
data/ebook-tools-0.2.2/src/libepub/linklist.c:701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutStr[30];
data/ebook-tools-0.2.2/src/libepub/linklist.c:706:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(OutStr, "\tHead: ");
data/ebook-tools-0.2.2/src/libepub/linklist.c:708:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(OutStr, "\tTail: ");
data/ebook-tools-0.2.2/src/libepub/linklist.c:713:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(OutStr, "Index: %d\tData: ");
data/ebook-tools-0.2.2/src/libepub/linklist.c:734:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutStr[30];
data/ebook-tools-0.2.2/src/libepub/linklist.c:742:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(OutStr, "\" (left=\"");
data/ebook-tools-0.2.2/src/libepub/linklist.c:744:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(OutStr, "\", right=\"");
data/ebook-tools-0.2.2/src/libepub/linklist.c:746:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(OutStr, "\")\n");
data/ebook-tools-0.2.2/src/libepub/linklist.c:784:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(String1, "Hi");
data/ebook-tools-0.2.2/src/libepub/linklist.c:785:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(String2, "Low");
data/ebook-tools-0.2.2/src/libepub/linklist.c:786:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(String3, "Up");
data/ebook-tools-0.2.2/src/libepub/linklist.c:787:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(String4, "Down");
data/ebook-tools-0.2.2/src/libepub/ocf.c:15:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ocf->mimetype, "application/epub+zip");
data/ebook-tools-0.2.2/src/libepub/ocf.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errStr[8192];
data/ebook-tools-0.2.2/src/libepub/opf.c:350:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = atoi((char *)str);
data/ebook-tools-0.2.2/src/libepub/epub.c:36:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
epub->ocf->datapath = malloc(sizeof(char) *(strlen(opfName) +1));
data/ebook-tools-0.2.2/src/libepub/epub.c:39:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(epub->ocf->datapath, opfName, pathsep_index + 1 - opfName);
data/ebook-tools-0.2.2/src/libepub/epub.c:417:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_epub_err_set_str(&epub->error, strerr, strlen(strerr));
data/ebook-tools-0.2.2/src/libepub/epub.c:650:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(res, epub->error.lastStr, epub->error.len);
data/ebook-tools-0.2.2/src/libepub/epublib.h:204:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((_err)->lastStr, _err_string, _err_string_len); \
data/ebook-tools-0.2.2/src/libepub/linklist.c:710:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(OutStr, "\n");
data/ebook-tools-0.2.2/src/libepub/linklist.c:715:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(OutStr, "\n");
data/ebook-tools-0.2.2/src/libepub/linklist.c:740:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(OutStr, "\"");
data/ebook-tools-0.2.2/src/libepub/ocf.c:10:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ocf->mimetype = malloc(sizeof(char) * strlen("application/epub+zip")+1);
data/ebook-tools-0.2.2/src/libepub/ocf.c:35:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reader = xmlReaderForMemory(containerXml, strlen(containerXml),
data/ebook-tools-0.2.2/src/libepub/ocf.c:217:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ocf->filename = malloc(sizeof(char)*(strlen(filename)+1));
data/ebook-tools-0.2.2/src/libepub/ocf.c:258:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullname = malloc((strlen(filename)+strlen(ocf->datapath)+1)*sizeof(char));
data/ebook-tools-0.2.2/src/libepub/ocf.c:258:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullname = malloc((strlen(filename)+strlen(ocf->datapath)+1)*sizeof(char));
data/ebook-tools-0.2.2/src/libepub/opf.c:18:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reader = xmlReaderForMemory(opfStr, strlen(opfStr),
data/ebook-tools-0.2.2/src/tools/einfo.c:38:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[i]);
ANALYSIS SUMMARY:
Hits = 46
Lines analyzed = 4195 in approximately 0.12 seconds (36002 lines/second)
Physical Source Lines of Code (SLOC) = 2953
Hits@level = [0] 114 [1] 15 [2] 17 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 160 [1+] 46 [2+] 31 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 54.1822 [1+] 15.5774 [2+] 10.4978 [3+] 4.74094 [4+] 4.74094 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.