Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcyaml-1.1.0/examples/numerical/main.c
Examining data/libcyaml-1.1.0/examples/planner/main.c
Examining data/libcyaml-1.1.0/include/cyaml/cyaml.h
Examining data/libcyaml-1.1.0/src/data.h
Examining data/libcyaml-1.1.0/src/free.c
Examining data/libcyaml-1.1.0/src/load.c
Examining data/libcyaml-1.1.0/src/mem.c
Examining data/libcyaml-1.1.0/src/mem.h
Examining data/libcyaml-1.1.0/src/save.c
Examining data/libcyaml-1.1.0/src/utf8.c
Examining data/libcyaml-1.1.0/src/utf8.h
Examining data/libcyaml-1.1.0/src/util.c
Examining data/libcyaml-1.1.0/src/util.h
Examining data/libcyaml-1.1.0/test/units/errs.c
Examining data/libcyaml-1.1.0/test/units/file.c
Examining data/libcyaml-1.1.0/test/units/free.c
Examining data/libcyaml-1.1.0/test/units/load.c
Examining data/libcyaml-1.1.0/test/units/save.c
Examining data/libcyaml-1.1.0/test/units/test.c
Examining data/libcyaml-1.1.0/test/units/ttest.h
Examining data/libcyaml-1.1.0/test/units/utf8.c
Examining data/libcyaml-1.1.0/test/units/util.c
FINAL RESULTS:
data/libcyaml-1.1.0/src/save.c:518:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string, "%"PRIi64, value);
data/libcyaml-1.1.0/src/save.c:536:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string, "0x%"PRIx64, value);
data/libcyaml-1.1.0/src/save.c:538:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string, "%"PRIu64, value);
data/libcyaml-1.1.0/src/util.c:77:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/libcyaml-1.1.0/test/units/ttest.h:146:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, reason, args);
data/libcyaml-1.1.0/test/units/utf8.c:50:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_%u", __func__, i);
data/libcyaml-1.1.0/test/units/utf8.c:97:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_%u", __func__, i);
data/libcyaml-1.1.0/test/units/utf8.c:183:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_%u", __func__, i);
data/libcyaml-1.1.0/test/units/utf8.c:226:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_%u", __func__, i);
data/libcyaml-1.1.0/src/data.h:41:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_tgt, value_bytes, entry_size);
data/libcyaml-1.1.0/src/data.h:96:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret_bytes, data, entry_size);
data/libcyaml-1.1.0/src/load.c:562:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + data_count, event, sizeof(*data));
data/libcyaml-1.1.0/src/load.c:631:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(event_out, replay_event, sizeof(*event_out));
data/libcyaml-1.1.0/src/load.c:1481:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &temp, sizeof(temp));
data/libcyaml-1.1.0/src/load.c:1516:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &temp, sizeof(temp));
data/libcyaml-1.1.0/src/load.c:1599:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, value, str_len + 1);
data/libcyaml-1.1.0/src/load.c:2569:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(path, "r");
data/libcyaml-1.1.0/src/mem.h:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, str, len);
data/libcyaml-1.1.0/src/save.c:516:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[32];
data/libcyaml-1.1.0/src/save.c:533:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[32];
data/libcyaml-1.1.0/src/save.c:553:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[64];
data/libcyaml-1.1.0/src/save.c:555:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%g", value);
data/libcyaml-1.1.0/src/save.c:569:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[64];
data/libcyaml-1.1.0/src/save.c:571:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.16e", value);
data/libcyaml-1.1.0/src/save.c:737:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&number, data, schema->data_size);
data/libcyaml-1.1.0/src/save.c:742:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&number, data, schema->data_size);
data/libcyaml-1.1.0/src/save.c:1362:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(path, "w");
data/libcyaml-1.1.0/src/save.c:1436:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_ctx->data + buffer_ctx->used, buffer, size);
data/libcyaml-1.1.0/src/util.c:84:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const strings[CYAML_ERR__COUNT] = {
data/libcyaml-1.1.0/src/util.h:79:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const strings[CYAML_STATE__COUNT] = {
data/libcyaml-1.1.0/src/util.h:101:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const strings[CYAML__TYPE_COUNT] = {
data/libcyaml-1.1.0/test/units/load.c:925:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_value_string[50];
data/libcyaml-1.1.0/test/units/load.c:2186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[5][7];
data/libcyaml-1.1.0/test/units/load.c:2256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq[5];
data/libcyaml-1.1.0/test/units/load.c:3114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*seq)[7];
data/libcyaml-1.1.0/test/units/load.c:4870:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[10];
data/libcyaml-1.1.0/test/units/load.c:4877:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[10];
data/libcyaml-1.1.0/test/units/load.c:5149:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *seq[4];
data/libcyaml-1.1.0/test/units/load.c:5220:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *seq[4];
data/libcyaml-1.1.0/test/units/save.c:229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_string[32];
data/libcyaml-1.1.0/test/units/save.c:1697:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[5][7];
data/libcyaml-1.1.0/test/units/save.c:1769:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq[5];
data/libcyaml-1.1.0/test/units/save.c:2674:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char (*seq)[7];
data/libcyaml-1.1.0/test/units/utf8.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(__func__) + 32];
data/libcyaml-1.1.0/test/units/utf8.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(__func__) + 32];
data/libcyaml-1.1.0/test/units/utf8.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(__func__) + 32];
data/libcyaml-1.1.0/test/units/utf8.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(__func__) + 32];
data/libcyaml-1.1.0/src/load.c:248:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(alias);
data/libcyaml-1.1.0/src/load.c:1187:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delta = strlen((const char *)
data/libcyaml-1.1.0/src/load.c:1587:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str_len = strlen(value);
data/libcyaml-1.1.0/src/load.c:1977:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(value)) {
data/libcyaml-1.1.0/src/mem.h:95:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str) + 1;
data/libcyaml-1.1.0/src/save.c:501:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(value),
data/libcyaml-1.1.0/test/units/load.c:953:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned i = 0; i < strlen(value) + 1; i++) {
data/libcyaml-1.1.0/test/units/util.c:131:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(orig) != len) {
ANALYSIS SUMMARY:
Hits = 55
Lines analyzed = 25530 in approximately 0.71 seconds (35864 lines/second)
Physical Source Lines of Code (SLOC) = 18207
Hits@level = [0] 27 [1] 8 [2] 38 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 82 [1+] 55 [2+] 47 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 4.50376 [1+] 3.02082 [2+] 2.58142 [3+] 0.494315 [4+] 0.494315 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.