Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/freecdb-0.76/alloc.c
Examining data/freecdb-0.76/alloc.h
Examining data/freecdb-0.76/alloc_re.c
Examining data/freecdb-0.76/buffer.c
Examining data/freecdb-0.76/buffer.h
Examining data/freecdb-0.76/buffer_0.c
Examining data/freecdb-0.76/buffer_1.c
Examining data/freecdb-0.76/buffer_2.c
Examining data/freecdb-0.76/buffer_get.c
Examining data/freecdb-0.76/buffer_put.c
Examining data/freecdb-0.76/buffer_read.c
Examining data/freecdb-0.76/buffer_write.c
Examining data/freecdb-0.76/byte.h
Examining data/freecdb-0.76/byte_chr.c
Examining data/freecdb-0.76/byte_copy.c
Examining data/freecdb-0.76/byte_cr.c
Examining data/freecdb-0.76/byte_diff.c
Examining data/freecdb-0.76/byte_rchr.c
Examining data/freecdb-0.76/cdb.c
Examining data/freecdb-0.76/cdb.h
Examining data/freecdb-0.76/cdb_hash.c
Examining data/freecdb-0.76/cdb_make.c
Examining data/freecdb-0.76/cdb_make.h
Examining data/freecdb-0.76/cdbdump.c
Examining data/freecdb-0.76/cdbget.c
Examining data/freecdb-0.76/cdbmake.c
Examining data/freecdb-0.76/cdbstats.c
Examining data/freecdb-0.76/error.c
Examining data/freecdb-0.76/error.h
Examining data/freecdb-0.76/error_str.c
Examining data/freecdb-0.76/exit.h
Examining data/freecdb-0.76/fmt.h
Examining data/freecdb-0.76/fmt_uint.c
Examining data/freecdb-0.76/fmt_uint0.c
Examining data/freecdb-0.76/fmt_ulong.c
Examining data/freecdb-0.76/open.h
Examining data/freecdb-0.76/open_trunc.c
Examining data/freecdb-0.76/readwrite.h
Examining data/freecdb-0.76/scan.h
Examining data/freecdb-0.76/scan_ulong.c
Examining data/freecdb-0.76/seek.h
Examining data/freecdb-0.76/seek_set.c
Examining data/freecdb-0.76/str.h
Examining data/freecdb-0.76/str_chr.c
Examining data/freecdb-0.76/str_diff.c
Examining data/freecdb-0.76/str_len.c
Examining data/freecdb-0.76/str_start.c
Examining data/freecdb-0.76/strerr.h
Examining data/freecdb-0.76/strerr_die.c
Examining data/freecdb-0.76/strerr_sys.c
Examining data/freecdb-0.76/tryulong32.c
Examining data/freecdb-0.76/uint32_pack.c
Examining data/freecdb-0.76/uint32_unpack.c

FINAL RESULTS:

data/freecdb-0.76/alloc.c:10:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;
data/freecdb-0.76/buffer_0.c:11:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer_0_space[BUFFER_INSIZE];
data/freecdb-0.76/buffer_1.c:5:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer_1_space[BUFFER_OUTSIZE];
data/freecdb-0.76/buffer_2.c:5:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer_2_space[256];
data/freecdb-0.76/cdb.c:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[32];
data/freecdb-0.76/cdb.c:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8];
data/freecdb-0.76/cdb_make.c:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8];
data/freecdb-0.76/cdb_make.c:75:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8];
data/freecdb-0.76/cdb_make.h:20:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bspace[8192];
data/freecdb-0.76/cdb_make.h:21:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char final[2048];
data/freecdb-0.76/cdbdump.c:14:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZE];
data/freecdb-0.76/cdbdump.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char num[FMT_ULONG];
data/freecdb-0.76/cdbget.c:25:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZE];
data/freecdb-0.76/cdbmake.c:24:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[FMT_ULONG];
data/freecdb-0.76/cdbstats.c:16:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZE];
data/freecdb-0.76/cdbstats.c:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char num[FMT_ULONG];
data/freecdb-0.76/open_trunc.c:8:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  { return open(fn,O_WRONLY | O_NDELAY | O_TRUNC | O_CREAT,0644); }
data/freecdb-0.76/uint32_pack.c:5:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void uint32_pack(char s[4],uint32 u)
data/freecdb-0.76/uint32_pack.c:15:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void uint32_pack_big(char s[4],uint32 u)
data/freecdb-0.76/uint32_unpack.c:5:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void uint32_unpack(const char s[4],uint32 *u)
data/freecdb-0.76/uint32_unpack.c:20:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void uint32_unpack_big(const char s[4],uint32 *u)
data/freecdb-0.76/buffer_read.c:8:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read(fd,buf,len);
data/freecdb-0.76/cdb.c:55:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  r = read(c->fd,buf,len);

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 2128 in approximately 0.10 seconds (22130 lines/second)
Physical Source Lines of Code (SLOC) = 1731
Hits@level = [0]   0 [1]   2 [2]  21 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  23 [1+]  23 [2+]  21 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 13.2871 [1+] 13.2871 [2+] 12.1317 [3+]   0 [4+]   0 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.