Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gccintro-1.0/alpha.c
Examining data/gccintro-1.0/ansi.c
Examining data/gccintro-1.0/bad.c
Examining data/gccintro-1.0/badpow.c
Examining data/gccintro-1.0/bye_fn.c
Examining data/gccintro-1.0/calc.c
Examining data/gccintro-1.0/castqual.c
Examining data/gccintro-1.0/collatz.c
Examining data/gccintro-1.0/cov.c
Examining data/gccintro-1.0/dbmain.c
Examining data/gccintro-1.0/dtest.c
Examining data/gccintro-1.0/dtestval3.c
Examining data/gccintro-1.0/gnuarray.c
Examining data/gccintro-1.0/hello.c
Examining data/gccintro-1.0/hello_fn.c
Examining data/gccintro-1.0/main.c
Examining data/gccintro-1.0/main2.c
Examining data/gccintro-1.0/main3.c
Examining data/gccintro-1.0/main4.c
Examining data/gccintro-1.0/nested.c
Examining data/gccintro-1.0/optim.c
Examining data/gccintro-1.0/shadow.c
Examining data/gccintro-1.0/shadow2.c
Examining data/gccintro-1.0/test.c
Examining data/gccintro-1.0/uninit.c
Examining data/gccintro-1.0/w.c
Examining data/gccintro-1.0/buffer.h
Examining data/gccintro-1.0/hello.h
Examining data/gccintro-1.0/hello1.h
Examining data/gccintro-1.0/templates.cc
Examining data/gccintro-1.0/templates2.cc
Examining data/gccintro-1.0/fptest2.c
Examining data/gccintro-1.0/loop.c
Examining data/gccintro-1.0/msg-assign.c
Examining data/gccintro-1.0/msg-char.c
Examining data/gccintro-1.0/msg-const.c
Examining data/gccintro-1.0/msg-control.c
Examining data/gccintro-1.0/msg-cppheader.c
Examining data/gccintro-1.0/msg-derefincomplete.c
Examining data/gccintro-1.0/msg-eoi.c
Examining data/gccintro-1.0/msg-file.c
Examining data/gccintro-1.0/msg-implicitdecl.c
Examining data/gccintro-1.0/msg-init.c
Examining data/gccintro-1.0/msg-invalidpp.c
Examining data/gccintro-1.0/msg-nest1.h
Examining data/gccintro-1.0/msg-nest2.h
Examining data/gccintro-1.0/msg-null.c
Examining data/gccintro-1.0/msg-parse.c
Examining data/gccintro-1.0/msg-string2.c
Examining data/gccintro-1.0/msg-string2.cc
Examining data/gccintro-1.0/msg-undeclared.c
Examining data/gccintro-1.0/msg-undef.c
Examining data/gccintro-1.0/msg-unknownesc.c
Examining data/gccintro-1.0/msg-unterm.c
Parsing failed to find end of parameter list in ("Hello World!\n); /* no closing quote */
return 0;
}
Examining data/gccintro-1.0/msg-unused.c
Examining data/gccintro-1.0/setfpu.c
Examining data/gccintro-1.0/signed.c
Examining data/gccintro-1.0/testgetc.c
Examining data/gccintro-1.0/testgetc2.c
Examining data/gccintro-1.0/wabs.c
Examining data/gccintro-1.0/dtestval.c
Examining data/gccintro-1.0/dtestval2.c
Examining data/gccintro-1.0/hello.cc
Examining data/gccintro-1.0/hellostr.cc
Examining data/gccintro-1.0/null.c
Examining data/gccintro-1.0/pi.c
Examining data/gccintro-1.0/string.cc
Examining data/gccintro-1.0/tprog.cc
Examining data/gccintro-1.0/bof.c
Examining data/gccintro-1.0/format.c
FINAL RESULTS:
data/gccintro-1.0/bof.c:12:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, argv[1]);
data/gccintro-1.0/format.c:9:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, argv[1]);
data/gccintro-1.0/msg-string2.c:6:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ('Hello World!\n'); /* wrong quotes */
data/gccintro-1.0/msg-unterm.c:6:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ("Hello World!\n); /* no closing quote */
data/gccintro-1.0/bof.c:8:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[DESTLEN];
data/gccintro-1.0/testgetc.c:7:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getchar()) != EOF) /* not portable */
data/gccintro-1.0/testgetc2.c:7:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((i = getchar()) != EOF)
ANALYSIS SUMMARY:
Hits = 7
Lines analyzed = 725 in approximately 0.08 seconds (8788 lines/second)
Physical Source Lines of Code (SLOC) = 636
Hits@level = [0] 43 [1] 2 [2] 1 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 50 [1+] 7 [2+] 5 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 78.6164 [1+] 11.0063 [2+] 7.86164 [3+] 6.28931 [4+] 6.28931 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.