Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmflcomp-11.0.101/include/kmfl.h
Examining data/kmflcomp-11.0.101/include/kmflcomp.h
Examining data/kmflcomp-11.0.101/include/kmflutfconv.h
Examining data/kmflcomp-11.0.101/kmfl_compiler/kmfl_compiler.c
Examining data/kmflcomp-11.0.101/src/compiler.h
Examining data/kmflcomp-11.0.101/src/kmflcomp.c
Examining data/kmflcomp-11.0.101/src/lex.c
Examining data/kmflcomp-11.0.101/src/memman.c
Examining data/kmflcomp-11.0.101/src/memman.h
Examining data/kmflcomp-11.0.101/src/utfconv.c
Examining data/kmflcomp-11.0.101/src/yacc.c
Examining data/kmflcomp-11.0.101/src/yacc.h

FINAL RESULTS:

data/kmflcomp-11.0.101/src/compiler.h:161:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
#define snprintf _snprintf
data/kmflcomp-11.0.101/src/compiler.h:161:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
#define snprintf _snprintf
data/kmflcomp-11.0.101/src/compiler.h:162:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
#define vsnprintf _vsnprintf
data/kmflcomp-11.0.101/src/kmflcomp.c:80:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(outfile,infile); pdot = rindex(outfile,'.');
data/kmflcomp-11.0.101/src/kmflcomp.c:142:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ftmp,infile); strcat(ftmp,".kmn");
data/kmflcomp-11.0.101/src/kmflcomp.c:1004:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		*p = (char)q; strcpy(p+1, sp);
data/kmflcomp-11.0.101/src/kmflcomp.c:1207:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
	vsnprintf(t,511,s,v1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1227:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
	vsnprintf(t,511,s,v1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1245:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				vfprintf(stderr,fmt,args);
data/kmflcomp-11.0.101/src/kmflcomp.c:1256:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr,s,v1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1275:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
	vsnprintf(t,511,s,v1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1474:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bmp_path+(p-fname+1),tname);
data/kmflcomp-11.0.101/src/kmflcomp.c:1479:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bmp_path,tname);
data/kmflcomp-11.0.101/src/kmflcomp.c:1504:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(icons_path+(p-fname+1+6),tname);
data/kmflcomp-11.0.101/src/kmflcomp.c:1509:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(icons_path, bmp_path);
data/kmflcomp-11.0.101/src/memman.c:116:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(s, str);
data/kmflcomp-11.0.101/src/yacc.c:846:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/kmflcomp-11.0.101/kmfl_compiler/kmfl_compiler.c:63:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while((opt=getopt(argc,argv,"dfhVvy"))!=EOF)
data/kmflcomp-11.0.101/include/kmfl.h:149:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[4];	// always KMFL
data/kmflcomp-11.0.101/include/kmfl.h:150:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version[5];	// keyboard version(4) and file version(1)
data/kmflcomp-11.0.101/include/kmfl.h:151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[NAMELEN+1];	// utf8 version of keyboard name
data/kmflcomp-11.0.101/include/kmfl.h:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char kbd_name[NAMELEN+1];	// name of currently attached keyboard
data/kmflcomp-11.0.101/src/compiler.h:21:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[NAMELEN+1];	// name of deadkey
data/kmflcomp-11.0.101/src/compiler.h:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[NAMELEN+1];	// name of store
data/kmflcomp-11.0.101/src/compiler.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[NAMELEN+1];	// name of group
data/kmflcomp-11.0.101/src/compiler.h:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[4];	// always KMFL
data/kmflcomp-11.0.101/src/compiler.h:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version[5];	// initially 1000
data/kmflcomp-11.0.101/src/compiler.h:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[NAMELEN+1];	// utf8 version of keyboard name
data/kmflcomp-11.0.101/src/kmflcomp.c:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char Version[6]=BASE_VERSION FILE_VERSION;	// Concatenate keyboard version and file version
data/kmflcomp-11.0.101/src/kmflcomp.c:81:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	if(pdot) strcpy(pdot, ".kmfl"); else strcat(outfile,".kmfl");
data/kmflcomp-11.0.101/src/kmflcomp.c:81:39:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	if(pdot) strcpy(pdot, ".kmfl"); else strcat(outfile,".kmfl");
data/kmflcomp-11.0.101/src/kmflcomp.c:85:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if((out=open(outfile,O_WRONLY|O_BINARY|O_CREAT|O_TRUNC,00666)) < 0) return(-2);
data/kmflcomp-11.0.101/src/kmflcomp.c:137:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	yyin = fopen(infile,"r");
data/kmflcomp-11.0.101/src/kmflcomp.c:142:24:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcpy(ftmp,infile); strcat(ftmp,".kmn");
data/kmflcomp-11.0.101/src/kmflcomp.c:143:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		yyin = fopen(ftmp,"r");
data/kmflcomp-11.0.101/src/kmflcomp.c:255:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer+(*bufsize), chunk, chunk_size);
data/kmflcomp-11.0.101/src/kmflcomp.c:284:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&xkbd,kbp,sizeof(XKEYBOARD));
data/kmflcomp-11.0.101/src/kmflcomp.c:287:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&xkbd.id,"KMFL",4);
data/kmflcomp-11.0.101/src/kmflcomp.c:288:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&xkbd.version,Version,5);
data/kmflcomp-11.0.101/src/kmflcomp.c:1045:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char temp[256];
data/kmflcomp-11.0.101/src/kmflcomp.c:1057:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[0x%x]",(*p&0xffffff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1062:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[key %x,0x%x]",(*p&0xff0000)>>16,(*p&0xff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1065:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[any %u]",(unsigned)(*p&0xffff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1068:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[index %d,%u]",(*p&0xff0000)>>16,(*p&0xffff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1071:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[outs %u]",(*p&0xffff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1074:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[dk %u]",(*p&0xffff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1078:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sp += sprintf(sp,"[context %u]",(*p&0xff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1080:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sp += sprintf(sp,"[context]");
data/kmflcomp-11.0.101/src/kmflcomp.c:1083:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[nul]");
data/kmflcomp-11.0.101/src/kmflcomp.c:1086:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[return]");
data/kmflcomp-11.0.101/src/kmflcomp.c:1089:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[beep]");
data/kmflcomp-11.0.101/src/kmflcomp.c:1092:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[use %u]",(*p&0xffff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1095:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[match]");
data/kmflcomp-11.0.101/src/kmflcomp.c:1098:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[nomatch]");
data/kmflcomp-11.0.101/src/kmflcomp.c:1101:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[+]");
data/kmflcomp-11.0.101/src/kmflcomp.c:1104:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sp += sprintf(sp,"[use %u]",(*p&0xffff));
data/kmflcomp-11.0.101/src/kmflcomp.c:1169:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(Version,"%4.4d%1.1s",kbver,FILE_VERSION);
data/kmflcomp-11.0.101/src/kmflcomp.c:1203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char t[512];
data/kmflcomp-11.0.101/src/kmflcomp.c:1221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char t[512];
data/kmflcomp-11.0.101/src/kmflcomp.c:1269:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char t[512];
data/kmflcomp-11.0.101/src/kmflcomp.c:1430:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, *ptr, tname[128];
data/kmflcomp-11.0.101/src/kmflcomp.c:1484:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(bmp_path,".png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1503:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(icons_path+(p-fname+1),"icons/");
data/kmflcomp-11.0.101/src/kmflcomp.c:1508:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(icons_path,"icons/");
data/kmflcomp-11.0.101/src/kmflcomp.c:1518:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(bmp_path,".bmp");
data/kmflcomp-11.0.101/src/kmflcomp.c:1523:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(icons_path,".bmp");
data/kmflcomp-11.0.101/src/kmflcomp.c:1529:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(bmp_path+strlen(bmp_path)-4,".png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1535:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(icons_path+strlen(icons_path)-4,".png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1541:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(bmp_path+strlen(bmp_path)-4,".ico.png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1549:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(bmp_path, ".png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1589:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char t8[2048];
data/kmflcomp-11.0.101/src/kmflcomp.c:1593:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if((fp8=tmpfile()) == NULL) return NULL;
data/kmflcomp-11.0.101/src/kmflcomp.c:1627:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char FileName[MAX_PATH], KeyboardName[32];
data/kmflcomp-11.0.101/src/lex.c:1775:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
{yylval.number=atoi(yytext+1);return(TOK_NUMBER);}
data/kmflcomp-11.0.101/src/yacc.c:1092:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/kmflcomp-11.0.101/src/yacc.c:1279:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/kmflcomp-11.0.101/src/yacc.c:1937:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    (yyval.number) = MAKE_PARAMETER_ITEM(ITEM_INDEX,atoi((yyvsp[-1].string)),n);
data/kmflcomp-11.0.101/src/yacc.c:1984:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    (yyval.number) = MAKE_ITEM(ITEM_CONTEXT,atoi((yyvsp[-1].string)));
data/kmflcomp-11.0.101/src/kmflcomp.c:77:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(infile)+6;
data/kmflcomp-11.0.101/src/kmflcomp.c:141:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ftmp = (char *)checked_alloc(strlen(infile)+6,1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1002:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(sp);
data/kmflcomp-11.0.101/src/kmflcomp.c:1016:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(sp);
data/kmflcomp-11.0.101/src/kmflcomp.c:1296:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(dst, src, len);
data/kmflcomp-11.0.101/src/kmflcomp.c:1300:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(src) > len)
data/kmflcomp-11.0.101/src/kmflcomp.c:1330:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) > 3)
data/kmflcomp-11.0.101/src/kmflcomp.c:1472:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bmp_path = (char *)checked_alloc((p-fname+1)+strlen(tname)+10,1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1473:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(bmp_path,fname,p-fname+1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1478:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bmp_path = (char *)checked_alloc(strlen(tname)+10,1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1482:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(bmp_path+strlen(bmp_path)-4, ".ico", 4) == 0)
data/kmflcomp-11.0.101/src/kmflcomp.c:1499:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		icons_path = (char *)checked_alloc(strlen(bmp_path)+12,1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1502:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(icons_path,fname,p-fname+1);
data/kmflcomp-11.0.101/src/kmflcomp.c:1529:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strcpy(bmp_path+strlen(bmp_path)-4,".png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1535:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strcpy(icons_path+strlen(icons_path)-4,".png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1541:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strcpy(bmp_path+strlen(bmp_path)-4,".ico.png");
data/kmflcomp-11.0.101/src/kmflcomp.c:1570:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	titems = (UTF32 *)checked_alloc(strlen(p)+1,sizeof(UTF32));
data/kmflcomp-11.0.101/src/kmflcomp.c:1572:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	IConvertUTF8toUTF32((const UTF8 **)&p2,(UTF8*)(p+strlen(p)),(UTF32 **)&p1,p1+strlen(p));
data/kmflcomp-11.0.101/src/kmflcomp.c:1572:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	IConvertUTF8toUTF32((const UTF8 **)&p2,(UTF8*)(p+strlen(p)),(UTF32 **)&p1,p1+strlen(p));
data/kmflcomp-11.0.101/src/lex.c:1325:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/kmflcomp-11.0.101/src/lex.c:3562:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/kmflcomp-11.0.101/src/memman.c:113:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s= mem_alloc(strlen(str) + 1);
data/kmflcomp-11.0.101/src/yacc.c:992:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define yystrlen strlen

ANALYSIS SUMMARY:

Hits = 101
Lines analyzed = 8866 in approximately 0.57 seconds (15440 lines/second)
Physical Source Lines of Code (SLOC) = 6777
Hits@level = [0]  27 [1]  23 [2]  60 [3]   1 [4]  17 [5]   0
Hits@level+ = [0+] 128 [1+] 101 [2+]  78 [3+]  18 [4+]  17 [5+]   0
Hits/KSLOC@level+ = [0+] 18.8874 [1+] 14.9033 [2+] 11.5095 [3+] 2.65604 [4+] 2.50848 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
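Most of the level-4 and level-2 buffer hits above are one pattern: a path is copied with strcpy, its extension located with rindex or a `strlen(...)-4` offset, and a constant suffix written over or after it (kmflcomp.c:77-81, 141-142, 1472-1549). Flawfinder cannot see the size budget that makes such a copy safe, so triage means checking that budget by hand. The example below is added here and is not kmflcomp's own code; it shows the same operations written so that the budget is explicit and checked, using the allocation size the report shows at kmflcomp.c:77 (`strlen(infile)+6`). The function names has_suffix, replace_ext and make_outfile_name are hypothetical.

```c
/*
 * Added example (not kmflcomp code): size-budgeted replacements for the
 * strcpy/strcat/rindex output-name pattern and the "strlen(path)-4" suffix
 * rewrites flagged in the Flawfinder report.  All names are hypothetical.
 */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Does s end with suf?  The length check comes first, so a pointer such as
 * s + strlen(s) - 4 is never formed for a string shorter than the suffix. */
int has_suffix(const char *s, const char *suf)
{
    size_t ls = strlen(s), lf = strlen(suf);
    return ls >= lf && memcmp(s + (ls - lf), suf, lf) == 0;
}

/* Write `in` with its extension replaced by (or, if it has none, followed
 * by) `ext` into out[outsz].  Only a '.' inside the last path component
 * counts as an extension: "my.dir/kbd" becomes "my.dir/kbd.kmfl", whereas
 * rindex/strrchr over the whole path would find the directory's dot.  A
 * leading dot (".hidden") is not an extension either.
 * Returns the length written, or -1 if the result would not fit; in that
 * case out is an empty string, never a silently truncated name. */
int replace_ext(const char *in, const char *ext, char *out, size_t outsz)
{
    const char *slash = strrchr(in, '/');
    const char *base = slash ? slash + 1 : in;
    const char *dot = strrchr(base, '.');
    size_t stem = (dot && dot != base) ? (size_t)(dot - in) : strlen(in);
    int n;

    if (outsz == 0 || stem > INT_MAX)
        return -1;
    n = snprintf(out, outsz, "%.*s%s", (int)stem, in, ext);
    if (n < 0 || (size_t)n >= outsz) {   /* encoding error or truncation */
        out[0] = '\0';
        return -1;
    }
    return n;
}

/* Heap version using the budget the report shows at kmflcomp.c:77,
 * strlen(infile)+6: the worst case is an input with no extension, which
 * needs strlen(infile) + strlen(".kmfl") + 1 bytes exactly.  Caller frees. */
char *make_outfile_name(const char *infile)
{
    size_t need = strlen(infile) + strlen(".kmfl") + 1;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    if (replace_ext(infile, ".kmfl", out, need) < 0) {
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    /* constructed sample inputs */
    const char *samples[] = { "mykbd.kmn", "mykbd", "my.dir/kbd", ".kmn" };
    char buf[32];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = replace_ext(samples[i], ".kmfl", buf, sizeof buf);
        printf("%-12s -> %s (%d)\n", samples[i], buf, n);
    }
    printf("has_suffix(\"kbd.ico\", \".ico\") = %d, has_suffix(\"ico\", \".ico\") = %d\n",
           has_suffix("kbd.ico", ".ico"), has_suffix("ico", ".ico"));
    return 0;
}
```

The point for triage is that the `+6` in the report is exactly the worst-case need of the `.kmfl` rewrite, so the strcpy/strcat pair at lines 80-81 is bounded by the allocation on line 77 whenever `outfile` was allocated with that `n`; a reviewer confirms that allocation and the equivalent `+10`/`+12` budgets at 1472-1499 rather than the strcpy calls themselves.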
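The CWE-134 hits (vsnprintf(t,511,s,v1) at kmflcomp.c:1207, 1227 and 1275, vfprintf at 1245 and 1256) are printf-style wrappers whose format parameter is, by construction, a variable, which is why Flawfinder rates them level 4 regardless of what callers pass. Two things settle such hits: a compiler attribute that verifies every call site passes a literal format with matching arguments, and, for formats that genuinely come from data, a validator that runs before vsnprintf. The example below is added here and is not kmflcomp's own code; report_message, conv_class and fmt_check are hypothetical names, and the message table is constructed for the demonstration.

```c
/*
 * Added example (not kmflcomp code): compile-time and run-time checks for
 * printf-family wrappers of the kind the Flawfinder report files under
 * CWE-134.  All function names are hypothetical.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* 1. Call sites pass literal formats: keep the varargs wrapper and let the
 *    compiler prove it.  The format attribute makes gcc/clang type-check the
 *    arguments at each call and, with -Wformat-security, warn when a caller
 *    passes a non-literal format with no arguments.  The size comes from the
 *    buffer instead of a hard-coded 511, and truncation is reported. */
PRINTF_LIKE(3, 4)
int report_message(char *buf, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, bufsz, fmt, ap);   /* NUL-terminates whenever bufsz > 0 */
    va_end(ap);
    if (n < 0 || (size_t)n >= bufsz)
        return -1;                        /* encoding error or truncated */
    return n;
}

/* 2. The format comes from data (a message table, a localisation file):
 *    validate it against the argument list the caller will supply before it
 *    reaches vsnprintf.  conv_class maps a conversion to the argument type it
 *    consumes: 'i' for the int conversions, 's' for char *, 'f' for double.
 *    Everything else is rejected: %n (writes through a pointer argument),
 *    %p, '*' widths (pull an extra int), and length modifiers (%ld would
 *    read a long where the caller passed an int). */
static char conv_class(char c)
{
    if (c == '\0')            return 0;   /* "%" at end of string */
    if (strchr("diouxXc", c)) return 'i';
    if (c == 's')             return 's';
    if (strchr("feEgG", c))   return 'f';
    return 0;
}

/* Returns 1 if fmt's conversions, in order, are exactly the classes listed
 * in expect (e.g. "is" for one int followed by one string), 0 otherwise. */
int fmt_check(const char *fmt, const char *expect)
{
    const char *p = fmt, *e = expect;

    while (*p) {
        if (*p++ != '%')
            continue;
        if (*p == '%') { p++; continue; }             /* literal percent */
        while (*p && strchr("-+ #0", *p)) p++;        /* flags */
        while (*p >= '0' && *p <= '9') p++;           /* width */
        if (*p == '.') {                              /* precision */
            p++;
            while (*p >= '0' && *p <= '9') p++;
        }
        if (*e == '\0' || conv_class(*p) != *e)       /* too many, or disallowed */
            return 0;
        e++;
        p++;
    }
    return *e == '\0';                                /* too few conversions? */
}

int main(void)
{
    char buf[64];
    /* constructed message table; the last two entries are the kind of
     * content a tampered data file might carry */
    const char *table[] = { "line %d: %s", "line %d: %s %n", "%s%s%s%s" };
    size_t i;

    for (i = 0; i < sizeof table / sizeof table[0]; i++)
        printf("%-18s -> %s\n", table[i],
               fmt_check(table[i], "is") ? "accepted" : "rejected");
    if (fmt_check(table[0], "is") &&
        report_message(buf, sizeof buf, table[0], 12, "unexpected token") >= 0)
        puts(buf);
    return 0;
}
```

Compile with `-Wall -Wformat=2 -Wformat-security` to get the call-site checks; the attribute costs nothing at run time, so it is the first thing to add when closing a level-4 format hit whose formats are all literals. fmt_check is deliberately an allow-list rather than a `%n` deny-list, so a conversion the validator has never heard of is rejected instead of passed through.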