Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/esdl-1.3.1/c_src/esdl_audio.h
Examining data/esdl-1.3.1/c_src/esdl_gl.c
Examining data/esdl-1.3.1/c_src/esdl_driver.c
Examining data/esdl-1.3.1/c_src/esdl_ttf.c
Examining data/esdl-1.3.1/c_src/esdl_conv.h
Examining data/esdl-1.3.1/c_src/esdl_events.c
Examining data/esdl-1.3.1/c_src/esdl_sdl_fp.h
Examining data/esdl-1.3.1/c_src/esdl_gen.c
Examining data/esdl-1.3.1/c_src/esdl_util.c
Examining data/esdl-1.3.1/c_src/esdl.h
Examining data/esdl-1.3.1/c_src/esdl_video.h
Examining data/esdl-1.3.1/c_src/esdl_spec.c
Examining data/esdl-1.3.1/c_src/esdl_events.h
Examining data/esdl-1.3.1/c_src/esdl_audio.c
Examining data/esdl-1.3.1/c_src/esdl_wrapper.c
Examining data/esdl-1.3.1/c_src/esdl_ttf.h
Examining data/esdl-1.3.1/c_src/esdl_img.c
Examining data/esdl-1.3.1/c_src/esdl_img.h
Examining data/esdl-1.3.1/c_src/esdl_util.h
Examining data/esdl-1.3.1/c_src/esdl_video.c

FINAL RESULTS:

data/esdl-1.3.1/c_src/esdl_gl.c:70:12:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
  return LoadLibrary(DLL);
data/esdl-1.3.1/c_src/esdl_audio.c:61:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(stream, waveptr, waveleft);
data/esdl-1.3.1/c_src/esdl_audio.c:76:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(stream, waveptr, len);
data/esdl-1.3.1/c_src/esdl_audio.c:239:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wav_cvt.buf, mptr, osize);
data/esdl-1.3.1/c_src/esdl_conv.h:58:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((unsigned char *)(s))[-1] & 0xff)
data/esdl-1.3.1/c_src/esdl_conv.h:62:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (((((unsigned char *)(s))[-1] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:63:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((unsigned char *)(s))[-2])) & 0xffff)
data/esdl-1.3.1/c_src/esdl_conv.h:67:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((((unsigned char *)(s))[-1] << 24) | \
data/esdl-1.3.1/c_src/esdl_conv.h:68:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (((unsigned char *)(s))[-2] << 16) | \
data/esdl-1.3.1/c_src/esdl_conv.h:69:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (((unsigned char *)(s))[-3] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:70:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((unsigned char *)(s))[-4]))
data/esdl-1.3.1/c_src/esdl_conv.h:74:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (((((unsigned char *)(s))[-2] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:75:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((unsigned char *)(s))[-1])) & 0xffff)
data/esdl-1.3.1/c_src/esdl_conv.h:79:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((((unsigned char *)(s))[-4] << 24) | \
data/esdl-1.3.1/c_src/esdl_conv.h:80:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (((unsigned char *)(s))[-3] << 16) | \
data/esdl-1.3.1/c_src/esdl_conv.h:81:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (((unsigned char *)(s))[-2] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:82:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((unsigned char *)(s))[-1]))
data/esdl-1.3.1/c_src/esdl_gl.c:41:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *base[3];
data/esdl-1.3.1/c_src/esdl_gl.c:160:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * bs[3];
data/esdl-1.3.1/c_src/esdl_gl.c:183:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(esdl_q[pos].buff, bp, len);
data/esdl-1.3.1/c_src/esdl_gl.c:237:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * bs[3];
data/esdl-1.3.1/c_src/esdl_util.c:37:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sd->bin[0].base, bp, len);
data/esdl-1.3.1/c_src/esdl_util.c:39:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sd->bin[0].base, sd->bin[1].base, sd->bin[1].size);
data/esdl-1.3.1/c_src/esdl_util.h:22:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  do { memcpy(&dstp,srcp,sizeof(void *)); srcp += 8; } while (0)
data/esdl-1.3.1/c_src/esdl_util.h:24:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  do { memset(dstp,0,8);memcpy(dstp,&srcp,sizeof(void *)); dstp += 8; } while (0)
data/esdl-1.3.1/c_src/esdl_video.c:539:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pixels, (void *) bp, size);
data/esdl-1.3.1/c_src/esdl_video.c:904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char res[1024];
data/esdl-1.3.1/c_src/esdl_audio.c:93:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendlen = (int) strlen(bp);
data/esdl-1.3.1/c_src/esdl_gen.c:37:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (int) strlen(err);
data/esdl-1.3.1/c_src/esdl_img.c:157:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(err);
data/esdl-1.3.1/c_src/esdl_ttf.c:66:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp = file + strlen(file) + 1;
data/esdl-1.3.1/c_src/esdl_ttf.c:89:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp = file + strlen(file) + 1;
data/esdl-1.3.1/c_src/esdl_ttf.c:256:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendlen = strlen(familyname);
data/esdl-1.3.1/c_src/esdl_ttf.c:276:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendlen = strlen(stylename);
data/esdl-1.3.1/c_src/esdl_ttf.c:749:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(err);
data/esdl-1.3.1/c_src/esdl_video.c:56:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendlen = (int) strlen(bp);
data/esdl-1.3.1/c_src/esdl_video.c:708:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  icon = title + strlen(title) + 1;
data/esdl-1.3.1/c_src/esdl_video.c:1100:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  title = defdir + strlen(defdir) + 1;   /* Title of dialog */
data/esdl-1.3.1/c_src/esdl_video.c:1101:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  defname = title + strlen(title) + 1;   /* Default name for file */
data/esdl-1.3.1/c_src/esdl_video.c:1102:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filter = defname + strlen(defname) + 1;   /* Filters */
data/esdl-1.3.1/c_src/esdl_video.c:1122:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filter += strlen(filter) + 1;

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 5111 in approximately 0.19 seconds (26275 lines/second)
Physical Source Lines of Code (SLOC) = 4133
Hits@level = [0]  22 [1]  14 [2]  26 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  63 [1+]  41 [2+]  27 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 15.2432 [1+] 9.92015 [2+] 6.53278 [3+] 0.241955 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
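Two of the patterns the report flags recur across many hits: the `x = y + strlen(y) + 1` chain that walks NUL-separated fields out of one buffer (the CWE-126 strlen hits in esdl_ttf.c and esdl_video.c) and `memcpy` into a destination whose size is fixed elsewhere (the CWE-120 hits, alongside `char res[1024]`). The code below is an added example of the bounded form of both patterns; it is not code from esdl or from flawfinder. It assumes the incoming message is a buffer with a known length, and the names next_field, bounded_copy, count_fields, demo_* and the sample message are constructed for the illustration. Whether any of the esdl hits above is reachable with unterminated or oversized input is not something the report establishes; as flawfinder itself notes, not every hit is a vulnerability.

```c
/*
 * Added example, not part of esdl or flawfinder. Bounded versions of the
 * two patterns flawfinder flags above: walking NUL-separated fields with
 * strlen (CWE-126) and unchecked memcpy into a fixed buffer (CWE-120).
 * Assumption: the caller knows the total length of the received buffer.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Return the start of the next NUL-terminated field in [*p, end) and advance
 * *p past its terminator. Returns NULL when no terminator exists inside the
 * remaining bytes, so the walk stops instead of letting strlen() read past
 * end. Bounded replacement for `next = cur + strlen(cur) + 1`.
 */
static const char *next_field(const char **p, const char *end)
{
    const char *start = *p;
    const char *nul;

    if (start == NULL || start >= end)
        return NULL;
    nul = memchr(start, '\0', (size_t)(end - start));   /* search only within bounds */
    if (nul == NULL)
        return NULL;                                    /* unterminated last field */
    *p = nul + 1;
    return start;
}

/*
 * Copy len bytes into a destination of dst_size bytes only if they fit.
 * This is the "make sure destination can always hold the source data"
 * check flawfinder asks for on every memcpy hit. 0 on success, -1 if the
 * copy would overflow dst (nothing is written in that case).
 */
static int bounded_copy(void *dst, size_t dst_size, const void *src, size_t len)
{
    if (dst == NULL || src == NULL || len > dst_size)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Count the NUL-separated fields in buf[0..len); -1 if the last one is unterminated. */
static int count_fields(const char *buf, size_t len)
{
    const char *p = buf;
    const char *end = buf + len;
    int n = 0;

    while (p < end) {
        if (next_field(&p, end) == NULL)
            return -1;
        n++;
    }
    return n;
}

/* Constructed input: three fields, each NUL-terminated, as a file dialog request might carry. */
int demo_parse_terminated(void)
{
    static const char msg[] = "/tmp\0Open file\0out.png\0";
    return count_fields(msg, sizeof msg - 1);           /* 3 */
}

/* Constructed input: the length stops before the last field's terminator. */
int demo_parse_unterminated(void)
{
    static const char msg[] = "/tmp\0Open file";
    return count_fields(msg, sizeof msg - 1);           /* -1, no over-read */
}

/* Copy len bytes of a 32-byte constructed source into a 16-byte destination. */
int demo_copy(size_t len)
{
    static const char src[32] = "0123456789abcdef0123456789abcde";
    char dst[16];
    return bounded_copy(dst, sizeof dst, src, len);     /* 0 if len <= 16, else -1 */
}

int main(void)
{
    printf("terminated fields:   %d\n", demo_parse_terminated());
    printf("unterminated fields: %d\n", demo_parse_unterminated());
    printf("copy 16 bytes: %d, copy 17 bytes: %d\n", demo_copy(16), demo_copy(17));
    return 0;
}
```

The memchr call is the whole point of next_field: it takes the remaining length, so an unterminated field is reported rather than read past; the original strlen chain has no length to stop on. The same idea applies to the sendlen = strlen(...) hits, where strnlen with the buffer's remaining size would bound the read.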