Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fcml-1.2.2/check/cpp-tests/common_t.hpp
Examining data/fcml-1.2.2/check/cpp-tests/assembler_t.cpp
Examining data/fcml-1.2.2/check/cpp-tests/parser_t.cpp
Examining data/fcml-1.2.2/check/cpp-tests/parser_t.hpp
Examining data/fcml-1.2.2/check/cpp-tests/dialect_t.cpp
Examining data/fcml-1.2.2/check/cpp-tests/disassembler_t.hpp
Examining data/fcml-1.2.2/check/cpp-tests/errors_t.cpp
Examining data/fcml-1.2.2/check/cpp-tests/assembler_t.hpp
Examining data/fcml-1.2.2/check/cpp-tests/dialect_t.hpp
Examining data/fcml-1.2.2/check/cpp-tests/errors_t.hpp
Examining data/fcml-1.2.2/check/cpp-tests/main.cpp
Examining data/fcml-1.2.2/check/cpp-tests/common_t.cpp
Examining data/fcml-1.2.2/check/cpp-tests/disassembler_t.cpp
Examining data/fcml-1.2.2/check/public-tests/instructions_t_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_h_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_v_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_base_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_n_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_o_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_w_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_j_t.h
Examining data/fcml-1.2.2/check/public-tests/general_usage_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_d_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_b_t.h
Examining data/fcml-1.2.2/check/public-tests/prefixes_t.h
Examining data/fcml-1.2.2/check/public-tests/chooser_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_j_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_v_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_k_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_n_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_o_t.h
Examining data/fcml-1.2.2/check/public-tests/assembler_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_i_t.h
Examining data/fcml-1.2.2/check/public-tests/segment_reg_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_g_t.h
Examining data/fcml-1.2.2/check/public-tests/segment_reg_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_i_t.c
Examining data/fcml-1.2.2/check/public-tests/render_t.c
Examining data/fcml-1.2.2/check/public-tests/chooser_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_k_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_h_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_r_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_s_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_a_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_r_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_p_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_f_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_l_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_s_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_m_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_base_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_e_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_p_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_u_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_f_t.h
Examining data/fcml-1.2.2/check/public-tests/hints_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_l_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_e_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_x_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_b_t.c
Examining data/fcml-1.2.2/check/public-tests/hints_t.h
Examining data/fcml-1.2.2/check/public-tests/error_handling_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_c_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_d_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_g_t.c
Examining data/fcml-1.2.2/check/public-tests/disassembler_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_m_t.h
Examining data/fcml-1.2.2/check/public-tests/disassembler_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_c_t.c
Examining data/fcml-1.2.2/check/public-tests/instructions_w_t.h
Examining data/fcml-1.2.2/check/public-tests/main.c
Examining data/fcml-1.2.2/check/public-tests/error_handling_t.c
Examining data/fcml-1.2.2/check/public-tests/prefixes_t.c
Examining data/fcml-1.2.2/check/public-tests/assembler_t.c
Examining data/fcml-1.2.2/check/public-tests/general_usage_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_t_t.c
Examining data/fcml-1.2.2/check/public-tests/render_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_a_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_u_t.h
Examining data/fcml-1.2.2/check/public-tests/instructions_x_t.h
Examining data/fcml-1.2.2/check/stf/fcml_stf.h
Examining data/fcml-1.2.2/check/stf/fcml_stf.c
Examining data/fcml-1.2.2/check/internal-tests/symbols_t.c
Examining data/fcml-1.2.2/check/internal-tests/env_t.c
Examining data/fcml-1.2.2/check/internal-tests/coll_t.h
Examining data/fcml-1.2.2/check/internal-tests/mnemonic_parser_t.c
Examining data/fcml-1.2.2/check/internal-tests/coll_t.c
Examining data/fcml-1.2.2/check/internal-tests/lag_assembler_t.h
Examining data/fcml-1.2.2/check/internal-tests/ceh_t.h
Examining data/fcml-1.2.2/check/internal-tests/common_utils_t.h
Examining data/fcml-1.2.2/check/internal-tests/gas_parser_t.c
Examining data/fcml-1.2.2/check/internal-tests/stream_t.h
Examining data/fcml-1.2.2/check/internal-tests/intel_parser_t.h
Examining data/fcml-1.2.2/check/internal-tests/common_utils_t.c
Examining data/fcml-1.2.2/check/internal-tests/env_t.h
Examining data/fcml-1.2.2/check/internal-tests/ceh_t.c
Examining data/fcml-1.2.2/check/internal-tests/modrm_encoder_t.h
Examining data/fcml-1.2.2/check/internal-tests/stream_t.c
Examining data/fcml-1.2.2/check/internal-tests/gas_parser_t.h
Examining data/fcml-1.2.2/check/internal-tests/intel_parser_t.c
Examining data/fcml-1.2.2/check/internal-tests/lag_assembler_t.c
Examining data/fcml-1.2.2/check/internal-tests/main.c
Examining data/fcml-1.2.2/check/internal-tests/modrm_decoder_t.c
Examining data/fcml-1.2.2/check/internal-tests/modrm_decoder_t.h
Examining data/fcml-1.2.2/check/internal-tests/utils_t.c
Examining data/fcml-1.2.2/check/internal-tests/utils_t.h
Examining data/fcml-1.2.2/check/internal-tests/mnemonic_parser_t.h
Examining data/fcml-1.2.2/check/internal-tests/symbols_t.h
Examining data/fcml-1.2.2/check/internal-tests/modrm_encoder_t.c
Examining data/fcml-1.2.2/include/fcml_types.h
Examining data/fcml-1.2.2/include/fcml_assembler.hpp
Examining data/fcml-1.2.2/include/fcml_intel_mnemonics.cpp
Examining data/fcml-1.2.2/include/fcml_intel_mnemonics.hpp
Examining data/fcml-1.2.2/include/fcml_gas_mnemonics.cpp
Examining data/fcml-1.2.2/include/fcml_dialect.hpp
Examining data/fcml-1.2.2/include/fcml_optimizers.h
Examining data/fcml-1.2.2/include/fcml_instructions.h
Examining data/fcml-1.2.2/include/fcml_gas_mnemonics.hpp
Examining data/fcml-1.2.2/include/fcml_symbols.hpp
Examining data/fcml-1.2.2/include/fcml_common.h
Examining data/fcml-1.2.2/include/fcml_parser.h
Examining data/fcml-1.2.2/include/fcml_gas_dialect.hpp
Examining data/fcml-1.2.2/include/fcml_intel_dialect.h
Examining data/fcml-1.2.2/include/fcml_common.hpp
Examining data/fcml-1.2.2/include/fcml_symbols.h
Examining data/fcml-1.2.2/include/fcml_common_utils.h
Examining data/fcml-1.2.2/include/fcml_errors.h
Examining data/fcml-1.2.2/include/fcml_registers.hpp
Examining data/fcml-1.2.2/include/fcml_gas_mnemonics.h
Examining data/fcml-1.2.2/include/fcml_lag_assembler.h
Examining data/fcml-1.2.2/include/fcml_dialect.h
Examining data/fcml-1.2.2/include/fcml_disassembler.hpp
Examining data/fcml-1.2.2/include/fcml_stateful_disassembler.hpp
Examining data/fcml-1.2.2/include/fcml_parser.hpp
Examining data/fcml-1.2.2/include/fcml_renderer.hpp
Examining data/fcml-1.2.2/include/fcml_choosers.h
Examining data/fcml-1.2.2/include/fcml_lag_assembler.hpp
Examining data/fcml-1.2.2/include/fcml_errors.hpp
Examining data/fcml-1.2.2/include/fcml_intel_mnemonics.h
Examining data/fcml-1.2.2/include/fcml_intel_dialect.hpp
Examining data/fcml-1.2.2/include/fcml_renderer.h
Examining data/fcml-1.2.2/include/fcml_disassembler.h
Examining data/fcml-1.2.2/include/fcml_registers.cpp
Examining data/fcml-1.2.2/include/fcml_env.h
Examining data/fcml-1.2.2/include/fcml_assembler.h
Examining data/fcml-1.2.2/include/fcml_stateful_assembler.hpp
Examining data/fcml-1.2.2/include/fcml_gas_dialect.h
Examining data/fcml-1.2.2/include/fcml_lib_export.h
Examining data/fcml-1.2.2/example/hsdis/hsdis.h
Examining data/fcml-1.2.2/example/hsdis/hsdis.c
Examining data/fcml-1.2.2/example/fcml-asm/main.c
Examining data/fcml-1.2.2/example/fcml-disasm/main.c
Examining data/fcml-1.2.2/win32/vs2019/fcml/fcml/resource.h
Examining data/fcml-1.2.2/win32/vs2019/fcml/fcml/dllmain.c
Examining data/fcml-1.2.2/win32/vs2019/fcml/fcml/resource1.h
Examining data/fcml-1.2.2/win32/vs2019/fcml/examples/hsdis/resource.h
Examining data/fcml-1.2.2/win32/vs2019/fcml/examples/hsdis/targetver.h
Examining data/fcml-1.2.2/win32/vs2019/fcml/examples/hsdis/dllmain.cpp
Examining data/fcml-1.2.2/win32/vs2017/fcml/fcml/resource.h
Examining data/fcml-1.2.2/win32/vs2017/fcml/fcml/dllmain.c
Examining data/fcml-1.2.2/win32/vs2017/fcml/fcml/resource1.h
Examining data/fcml-1.2.2/win32/vs2017/fcml/examples/hsdis/resource.h
Examining data/fcml-1.2.2/win32/vs2017/fcml/examples/hsdis/targetver.h
Examining data/fcml-1.2.2/win32/vs2017/fcml/examples/hsdis/dllmain.cpp
Examining data/fcml-1.2.2/src/fcml_assembler_int.h
Examining data/fcml-1.2.2/src/fcml_parser.c
Examining data/fcml-1.2.2/src/fcml_common_dialect.h
Examining data/fcml-1.2.2/src/fcml_stream.c
Examining data/fcml-1.2.2/src/fcml_dialect_int.c
Examining data/fcml-1.2.2/src/fcml_gas_lexer.h
Examining data/fcml-1.2.2/src/fcml_intel_lexer.h
Examining data/fcml-1.2.2/src/fcml_gas_parser.c
Examining data/fcml-1.2.2/src/fcml_hints.h
Examining data/fcml-1.2.2/src/fcml_common_dialect.c
Examining data/fcml-1.2.2/src/fcml_modrm_decoder.c
Examining data/fcml-1.2.2/src/fcml_symbols.c
Examining data/fcml-1.2.2/src/fcml_modrm_decoder.h
Examining data/fcml-1.2.2/src/fcml_renderer.c
Examining data/fcml-1.2.2/src/fcml_hints.c
Examining data/fcml-1.2.2/src/fcml_gas_lexer.c
Examining data/fcml-1.2.2/src/fcml_optimizers.c
Examining data/fcml-1.2.2/src/fcml_intel_parser.h
Examining data/fcml-1.2.2/src/fcml_encoding.c
Examining data/fcml-1.2.2/src/fcml_coll.c
Examining data/fcml-1.2.2/src/fcml_gas_parser_def.c
Examining data/fcml-1.2.2/src/fcml_disp8_n.c
Examining data/fcml-1.2.2/src/fcml_dialect.c
Examining data/fcml-1.2.2/src/fcml_encoding.h
Examining data/fcml-1.2.2/src/fcml_disp8_n.h
Examining data/fcml-1.2.2/src/fcml_coll.h
Examining data/fcml-1.2.2/src/fcml_parser_int.c
Examining data/fcml-1.2.2/src/fcml_def.c
Examining data/fcml-1.2.2/src/fcml_gas_parser_def.h
Examining data/fcml-1.2.2/src/fcml_common_utils.c
Examining data/fcml-1.2.2/src/fcml_intel_rend.h
Examining data/fcml-1.2.2/src/fcml_disassembler.c
Examining data/fcml-1.2.2/src/fcml_utils.c
Examining data/fcml-1.2.2/src/fcml_rend_utils.c
Examining data/fcml-1.2.2/src/fcml_gas_rend.h
Examining data/fcml-1.2.2/src/fcml_rend_utils.h
Examining data/fcml-1.2.2/src/fcml_ceh.h
Examining data/fcml-1.2.2/src/fcml_env_int.c
Examining data/fcml-1.2.2/src/fcml_utils.h
Examining data/fcml-1.2.2/src/fcml_gas_dialect.c
Examining data/fcml-1.2.2/src/fcml_operand_decorators.c
Examining data/fcml-1.2.2/src/fcml_intel_dialect.c
Examining data/fcml-1.2.2/src/fcml_intel_parser_def.c
Examining data/fcml-1.2.2/src/fcml_mnemonic_parser.c
Examining data/fcml-1.2.2/src/fcml_env_int.h
Examining data/fcml-1.2.2/src/fcml_apc_ast.c
Examining data/fcml-1.2.2/src/fcml_decoding_tree.c
Examining data/fcml-1.2.2/src/fcml_intel_rend.c
Examining data/fcml-1.2.2/src/fcml_mnemonic_parser.h
Examining data/fcml-1.2.2/src/fcml_parser_utils.c
Examining data/fcml-1.2.2/src/fcml_modrm_encoder.c
Examining data/fcml-1.2.2/src/fcml_assembler.c
Examining data/fcml-1.2.2/src/fcml_trace.h
Examining data/fcml-1.2.2/src/fcml_dialect_int.h
Examining data/fcml-1.2.2/src/fcml_choosers.c
Examining data/fcml-1.2.2/src/fcml_intel_lexer.c
Examining data/fcml-1.2.2/src/fcml_intel_parser.c
Examining data/fcml-1.2.2/src/fcml_modrm.h
Examining data/fcml-1.2.2/src/fcml_gas_rend.c
Examining data/fcml-1.2.2/src/fcml_modrm_encoder.h
Examining data/fcml-1.2.2/src/fcml_lag_assembler.c
Examining data/fcml-1.2.2/src/fcml_ceh.c
Examining data/fcml-1.2.2/src/fcml_parser_int.h
Examining data/fcml-1.2.2/src/fcml_def.h
Examining data/fcml-1.2.2/src/fcml_messages.c
Examining data/fcml-1.2.2/src/fcml_gas_parser.h
Examining data/fcml-1.2.2/src/fcml_operand_decorators.h
Examining data/fcml-1.2.2/src/fcml_messages.h
Examining data/fcml-1.2.2/src/fcml_stream.h
Examining data/fcml-1.2.2/src/fcml_apc_ast.h
Examining data/fcml-1.2.2/src/fcml_common_lex.h
Examining data/fcml-1.2.2/src/fcml_def_enc.c
Examining data/fcml-1.2.2/src/fcml_intel_parser_def.h
Examining data/fcml-1.2.2/src/fcml_decoding_tree.h
Examining data/fcml-1.2.2/src/fcml_parser_utils.h
FINAL RESULTS:
data/fcml-1.2.2/check/public-tests/instructions_base_t.c:358:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FCML_PRI_INT8_HEX, code[i]);
data/fcml-1.2.2/check/public-tests/instructions_base_t.c:366:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( FCML_PRI_INT8_HEX,
data/fcml-1.2.2/check/public-tests/instructions_base_t.c:437:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("0x" FCML_PRI_INT8_HEX,
data/fcml-1.2.2/check/public-tests/instructions_base_t.c:448:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("0x" FCML_PRI_INT8_HEX, assembled_code[0][i]);
data/fcml-1.2.2/src/fcml_encoding.c:487:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
index += sprintf(print_data_flags_buff + index,
data/fcml-1.2.2/src/fcml_encoding.c:498:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
index += sprintf(print_data_flags_buff + index,
data/fcml-1.2.2/src/fcml_env_int.c:122:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dst, src );
data/fcml-1.2.2/src/fcml_env_int.c:157:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf( buffer, (fcml_usize) maxlen, format, args );
data/fcml-1.2.2/src/fcml_env_int.c:163:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf( buffer, (fcml_usize) maxlen, format, args );
data/fcml-1.2.2/src/fcml_gas_parser_def.c:756:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/fcml-1.2.2/src/fcml_intel_parser_def.c:800:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/fcml-1.2.2/src/fcml_trace.h:26:75: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define FCML_TRACE(pattern, ...) { printf("%s:%d ", __FILE__, __LINE__); printf(pattern, ##__VA_ARGS__); printf("\n");}
data/fcml-1.2.2/check/public-tests/instructions_base_t.c:511:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[FCML_REND_MAX_BUFF_LEN] = { 0 };
data/fcml-1.2.2/example/fcml-disasm/main.c:346:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char neg[2] = { 0 };
data/fcml-1.2.2/example/fcml-disasm/main.c:721:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[3] = { 0 };
data/fcml-1.2.2/example/hsdis/hsdis.c:312:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
app->config.mnemonic_padding = atoi(current + 5);
data/fcml-1.2.2/example/hsdis/hsdis.c:314:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
app->config.code_padding = atoi(current + 5);
data/fcml-1.2.2/include/fcml_disassembler.hpp:2061:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
::memcpy(dest.getAvxBytes(), src.avx_bytes, sizeof(src.avx_bytes));
data/fcml-1.2.2/src/fcml_encoding.c:455:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(print_data_attr_flags_buff, "ANY");
data/fcml-1.2.2/src/fcml_encoding.c:479:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
index += sprintf(print_data_flags_buff, "Vector length: %d, ",
data/fcml-1.2.2/src/fcml_encoding.c:482:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
index += sprintf(print_data_flags_buff, "L: NS, ");
data/fcml-1.2.2/src/fcml_encoding.c:492:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
index += sprintf(print_data_flags_buff + index,
data/fcml-1.2.2/src/fcml_encoding.c:502:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
index += sprintf(print_data_flags_buff + index,
data/fcml-1.2.2/src/fcml_encoding.c:507:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
index += sprintf(print_data_flags_buff + index, "EOSA: %d, ",
data/fcml-1.2.2/src/fcml_encoding.c:511:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
index += sprintf(print_data_flags_buff + index, "EASA: %d",
data/fcml-1.2.2/src/fcml_env_int.c:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest, src, (fcml_usize) len );
data/fcml-1.2.2/src/fcml_env_int.c:100:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( new_str, str, (fcml_usize) size );
data/fcml-1.2.2/src/fcml_env_int.c:137:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( new_str, str, (fcml_usize) size );
data/fcml-1.2.2/src/fcml_gas_parser_def.c:1170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/fcml-1.2.2/src/fcml_gas_parser_def.c:1434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/fcml-1.2.2/src/fcml_intel_parser_def.c:1214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/fcml-1.2.2/src/fcml_intel_parser_def.c:1472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/fcml-1.2.2/example/fcml-disasm/main.c:723:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcml_int code_str_size = strlen(code_str);
data/fcml-1.2.2/include/fcml_common.hpp:5300:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal && op._hints == _hints && op._decorators == _decorators;
data/fcml-1.2.2/src/fcml_encoding.c:458:22: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
index += sprintf(print_data_attr_flags_buff, "2");
data/fcml-1.2.2/src/fcml_encoding.c:461:22: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
index += sprintf(print_data_attr_flags_buff + index, "4");
data/fcml-1.2.2/src/fcml_encoding.c:464:22: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
index += sprintf(print_data_attr_flags_buff + index, "8");
data/fcml-1.2.2/src/fcml_env_int.c:118:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (fcml_usize) strlen( str );
data/fcml-1.2.2/src/fcml_env_int.c:130:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dst, src, (fcml_usize) len );
data/fcml-1.2.2/src/fcml_env_int.c:134:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcml_usize size = (fcml_usize) ( strlen( str ) + 1 );
data/fcml-1.2.2/src/fcml_gas_lexer.c:1213:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/fcml-1.2.2/src/fcml_gas_lexer.c:3454:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
data/fcml-1.2.2/src/fcml_gas_parser_def.c:1070:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/fcml-1.2.2/src/fcml_intel_lexer.c:1357:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/fcml-1.2.2/src/fcml_intel_lexer.c:3743:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner);
data/fcml-1.2.2/src/fcml_intel_parser_def.c:1114:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
ANALYSIS SUMMARY:
Hits = 46
Lines analyzed = 122754 in approximately 4.94 seconds (24838 lines/second)
Physical Source Lines of Code (SLOC) = 89374
Hits@level = [0] 194 [1] 14 [2] 20 [3] 0 [4] 12 [5] 0
Hits@level+ = [0+] 240 [1+] 46 [2+] 32 [3+] 12 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 2.68534 [1+] 0.514691 [2+] 0.358046 [3+] 0.134267 [4+] 0.134267 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.