Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/itk3-3.4.2/generic/itkStubLib.c
Examining data/itk3-3.4.2/generic/itk_archetype.c
Examining data/itk3-3.4.2/generic/itkStubInit.c
Examining data/itk3-3.4.2/generic/itkDecls.h
Examining data/itk3-3.4.2/generic/itk.h
Examining data/itk3-3.4.2/generic/itk_cmds.c
Examining data/itk3-3.4.2/generic/itk_util.c
Examining data/itk3-3.4.2/generic/itk_option.c
Examining data/itk3-3.4.2/win/dllEntryPoint.c
Examining data/itk3-3.4.2/win/nmakehlp.c

FINAL RESULTS:

data/itk3-3.4.2/generic/itk_archetype.c:808:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, resultStr);
data/itk3-3.4.2/generic/itk_archetype.c:2928:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lastval, v);
data/itk3-3.4.2/generic/itk_archetype.c:3173:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archOpt->init, init);
data/itk3-3.4.2/generic/itk_archetype.c:3202:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archComp->pathName, wname);
data/itk3-3.4.2/generic/itk_archetype.c:3272:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_archetype.c:3288:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archOpt->resName, resName);
data/itk3-3.4.2/generic/itk_archetype.c:3301:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archOpt->resClass, resClass);
data/itk3-3.4.2/generic/itk_archetype.c:3328:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archOpt->switchName, name);
data/itk3-3.4.2/generic/itk_archetype.c:3332:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archOpt->resName, resName);
data/itk3-3.4.2/generic/itk_archetype.c:3340:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archOpt->resClass, resClass);
data/itk3-3.4.2/generic/itk_archetype.c:3454:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archOpt->init, ival);
data/itk3-3.4.2/generic/itk_archetype.c:3661:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_archetype.c:3733:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_archetype.c:4101:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_option.c:434:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(opt->resName, resName);
data/itk3-3.4.2/generic/itk_option.c:437:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(opt->resClass, resClass);
data/itk3-3.4.2/generic/itk_option.c:440:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(opt->init, defVal);
data/itk3-3.4.2/win/nmakehlp.c:145:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmdline, option);
data/itk3-3.4.2/win/nmakehlp.c:236:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmdline, option);
data/itk3-3.4.2/win/nmakehlp.c:149:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itk3-3.4.2/win/nmakehlp.c:149:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itk3-3.4.2/win/nmakehlp.c:238:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itk3-3.4.2/win/nmakehlp.c:238:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itk3-3.4.2/generic/itk_archetype.c:2119:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2120:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n    (while adding option \"%.100s\")", token);
data/itk3-3.4.2/generic/itk_archetype.c:2280:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2281:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n    (while removing option \"%.100s\")",
data/itk3-3.4.2/generic/itk_archetype.c:2786:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2787:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n    (error in configuration of public variable \"%.100s\")", vdefn->member->fullname);
data/itk3-3.4.2/generic/itk_archetype.c:2812:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2813:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n    (error in configuration of public variable \"%.100s\")", vdefn->member->fullname);
data/itk3-3.4.2/generic/itk_util.c:92:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((VOID*)newOrder, (VOID*)olist->list, (size_t)size);
data/itk3-3.4.2/win/nmakehlp.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[STATICBUFFERSIZE];
data/itk3-3.4.2/win/nmakehlp.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/itk3-3.4.2/win/nmakehlp.c:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/itk3-3.4.2/win/nmakehlp.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[100];
data/itk3-3.4.2/win/nmakehlp.c:143:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X ");
data/itk3-3.4.2/win/nmakehlp.c:147:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(cmdline, " .\\nul");
data/itk3-3.4.2/win/nmakehlp.c:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/itk3-3.4.2/win/nmakehlp.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[100];
data/itk3-3.4.2/win/nmakehlp.c:234:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cmdline, "link.exe -nologo ");
data/itk3-3.4.2/win/nmakehlp.c:326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[51], s2[51], s3[51];
data/itk3-3.4.2/win/nmakehlp.c:330:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file, "rt");
data/itk3-3.4.2/generic/itk_archetype.c:610:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(token);
data/itk3-3.4.2/generic/itk_archetype.c:807:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = (char*)ckalloc((unsigned)(strlen(resultStr)+1));
data/itk3-3.4.2/generic/itk_archetype.c:1935:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(token);
data/itk3-3.4.2/generic/itk_archetype.c:2927:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lastval = (char*)ckalloc((unsigned)(strlen(v)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3172:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archOpt->init = (char*)ckalloc((unsigned)(strlen(init)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3201:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archComp->pathName = (char *) ckalloc((unsigned)(strlen(wname)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3270:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_archetype.c:3287:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archOpt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3300:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archOpt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3327:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archOpt->switchName = (char*)ckalloc((unsigned)(strlen(name)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3331:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archOpt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3339:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archOpt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3453:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archOpt->init = (char*)ckalloc((unsigned)(strlen(ival)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3659:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_archetype.c:3731:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_archetype.c:4099:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_option.c:433:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk3-3.4.2/generic/itk_option.c:436:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk3-3.4.2/generic/itk_option.c:439:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt->init = (char*)ckalloc((unsigned)(strlen(defVal)+1));
data/itk3-3.4.2/win/nmakehlp.c:168:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itk3-3.4.2/win/nmakehlp.c:257:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itk3-3.4.2/win/nmakehlp.c:336:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  r = fscanf(f, "%50s", s1);
data/itk3-3.4.2/win/nmakehlp.c:339:10:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  r = fscanf(f, "%50s %50s", s2, s3);

ANALYSIS SUMMARY:

Hits = 66
Lines analyzed = 6350 in approximately 0.19 seconds (33549 lines/second)
Physical Source Lines of Code (SLOC) = 3629
Hits@level = [0]   0 [1]  23 [2]  20 [3]   4 [4]  19 [5]   0
Hits@level+ = [0+]  66 [1+]  66 [2+]  43 [3+]  23 [4+]  19 [5+]   0
Hits/KSLOC@level+ = [0+] 18.1868 [1+] 18.1868 [2+] 11.849 [3+] 6.33783 [4+] 5.2356 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.