Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/hexedit-1.5/display.c Examining data/hexedit-1.5/file.c Examining data/hexedit-1.5/hexedit.c Examining data/hexedit-1.5/hexedit.h Examining data/hexedit-1.5/interact.c Examining data/hexedit-1.5/mark.c Examining data/hexedit-1.5/misc.c Examining data/hexedit-1.5/page.c Examining data/hexedit-1.5/search.c FINAL RESULTS: data/hexedit-1.5/display.c:287:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*last) strcpy(p, *last); else ret = FALSE; data/hexedit-1.5/hexedit.h:43:32: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DIE(M) { exitCurses(); fprintf(stderr, M, progName); exit(1); } data/hexedit-1.5/interact.c:317:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(args[0], args); data/hexedit-1.5/display.c:306:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[BLOCK_SEARCH_SIZE]; data/hexedit-1.5/file.c:29:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(fileName, O_RDWR)) == -1) { data/hexedit-1.5/file.c:31:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(fileName, O_RDONLY)) == -1) { data/hexedit-1.5/file.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, tmp[BLOCK_SEARCH_SIZE]; data/hexedit-1.5/hexedit.c:73:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lineLength = atoi(*argv + 2); data/hexedit-1.5/hexedit.c:76:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lineLength = atoi(*argv); data/hexedit-1.5/interact.c:309:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args[3]; data/hexedit-1.5/interact.c:546:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[BLOCK_SEARCH_SIZE]; data/hexedit-1.5/mark.c:53:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copyBuffer + p->base - min, data/hexedit-1.5/mark.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[BLOCK_SEARCH_SIZE]; data/hexedit-1.5/mark.c:79:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = open(tmp, O_RDONLY)) != -1) { data/hexedit-1.5/mark.c:95:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp2[BLOCK_SEARCH_SIZE]; data/hexedit-1.5/mark.c:115:41: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. for (i = 0; i < l1 - l2 + 1; i += l2) memcpy(tmp1 + i, tmp2, l2); data/hexedit-1.5/mark.c:116:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp1 + i, tmp2, l1 - i); data/hexedit-1.5/misc.c:68:19: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return (char *) bcopy(str, new, len); data/hexedit-1.5/misc.c:91:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (a) memcpy(p, a, la); data/hexedit-1.5/misc.c:92:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (b) memcpy(p + la, b, lb); data/hexedit-1.5/misc.c:93:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (c) memcpy(p + la + lb, c, lc); data/hexedit-1.5/page.c:83:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + q->base - min, q->vals, q->size); data/hexedit-1.5/page.c:84:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + base - min, vals, size); data/hexedit-1.5/page.c:85:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + p->base - min, p->vals, p->size); data/hexedit-1.5/page.c:92:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + q->base - min, q->vals, q->size); data/hexedit-1.5/page.c:93:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + base - min, vals, size); data/hexedit-1.5/page.c:100:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, vals, size); data/hexedit-1.5/page.c:101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + p->base - base, p->vals, p->size); data/hexedit-1.5/page.c:107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->vals, vals, size); data/hexedit-1.5/page.c:133:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q->vals, p->vals + base + size - p->base, q->size); data/hexedit-1.5/search.c:37:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*string, tmp, *sizea); data/hexedit-1.5/search.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *string, tmp[BLOCK_SEARCH_SIZE], tmpstr[BLOCK_SEARCH_SIZE]; data/hexedit-1.5/search.c:71:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr,"searching... 0x%08llX", (long long) blockstart); data/hexedit-1.5/search.c:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *string, tmp[BLOCK_SEARCH_SIZE], tmpstr[BLOCK_SEARCH_SIZE]; data/hexedit-1.5/search.c:102:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr,"searching... 0x%08llX", (long long) blockstart); data/hexedit-1.5/display.c:250:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). move(line, (COLS - strlen(msg)) / 2); data/hexedit-1.5/display.c:299:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = s + strlen(s) - 1; p >= s; p--) ungetch(*p); data/hexedit-1.5/display.c:311:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). err = sscanf(tmp + strlen("0x"), "%llx", &n); data/hexedit-1.5/file.c:66:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbBytes = read(fd, buffer, page); data/hexedit-1.5/file.c:124:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, &c, 1) == 1) { data/hexedit-1.5/hexedit.c:72:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strbeginswith(*argv, "-l") && strlen(*argv) > 2) data/hexedit-1.5/mark.c:45:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (LSEEK_(fd, mark_min) == -1 || read(fd, copyBuffer, sizeCopyBuffer) == -1) { data/hexedit-1.5/mark.c:107:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(tmp2); data/hexedit-1.5/mark.c:109:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp2) == 1) { data/hexedit-1.5/misc.c:64:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str) + 1; data/hexedit-1.5/misc.c:82:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strncmp(a, prefix, strlen(prefix)) == 0; data/hexedit-1.5/misc.c:87:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t la = a ? strlen(a) : 0; data/hexedit-1.5/misc.c:88:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lb = b ? strlen(b) : 0; data/hexedit-1.5/misc.c:89:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lc = c ? strlen(c) : 0; data/hexedit-1.5/search.c:33:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *sizea = strlen(tmp); data/hexedit-1.5/search.c:67:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((sizeb = read(fd, tmp, BLOCK_SEARCH_SIZE)) < sizea) quit = -3; data/hexedit-1.5/search.c:97:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (sizeb != read(fd, tmp, sizeb)) quit = -3; ANALYSIS SUMMARY: Hits = 52 Lines analyzed = 2151 in approximately 0.10 seconds (21202 lines/second) Physical Source Lines of Code (SLOC) = 1611 Hits@level = [0] 5 [1] 17 [2] 32 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 57 [1+] 52 [2+] 35 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 35.3818 [1+] 32.2781 [2+] 21.7256 [3+] 1.8622 [4+] 1.8622 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.