Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdbi-0.9.0/drivers/example/dbd_example.c
Examining data/libdbi-0.9.0/drivers/example/dbd_example.h
Examining data/libdbi-0.9.0/src/atoll.c
Examining data/libdbi-0.9.0/src/asprintf.c
Examining data/libdbi-0.9.0/src/timegm.c
Examining data/libdbi-0.9.0/src/dbd_helper.c
Examining data/libdbi-0.9.0/src/dbi_main.c
Examining data/libdbi-0.9.0/src/dbi_result.c
Examining data/libdbi-0.9.0/include/dbi/dbi.h
Examining data/libdbi-0.9.0/include/dbi/dbi-dev.h
Examining data/libdbi-0.9.0/include/dbi/dbd.h

FINAL RESULTS:

data/libdbi-0.9.0/src/asprintf.c:94:24:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return vsprintf(*result, format, args);

data/libdbi-0.9.0/src/dbi_main.c:141:95:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  dbi_result dbi_conn_queryf(dbi_conn Conn, const char *formatstr, ...) __attribute__ ((format (printf, 2, 3)));

data/libdbi-0.9.0/src/dbi_main.c:142:103:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  int dbi_conn_set_error(dbi_conn Conn, int errnum, const char *formatstr, ...) __attribute__ ((format (printf, 3, 4)));

data/libdbi-0.9.0/src/dbi_main.c:1646:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);

data/libdbi-0.9.0/src/dbi_main.c:1657:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);

data/libdbi-0.9.0/src/dbi_main.c:1814:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(win_errstr, "Error code 1(%d) while loading library %s", GetLastError(), filename);

data/libdbi-0.9.0/src/dbi_main.c:1820:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(win_errstr, "error code 1(%d) while loading library %s", (UINT) handle, filename);

data/libdbi-0.9.0/src/dbi_main.c:1835:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(win_errstr, "can not find symbol %s", symname);

data/libdbi-0.9.0/src/dbi_main.c:1811:12:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  handle = LoadLibrary(filename);

data/libdbi-0.9.0/src/dbd_helper.c:339:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unixtime.tm_year = atoi(cur)-1900;

data/libdbi-0.9.0/src/dbd_helper.c:340:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unixtime.tm_mon = atoi(cur+5)-1; /* months are 0 through 11 */

data/libdbi-0.9.0/src/dbd_helper.c:341:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unixtime.tm_mday = atoi(cur+8);

data/libdbi-0.9.0/src/dbd_helper.c:353:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unixtime.tm_hour = atoi(cur);

data/libdbi-0.9.0/src/dbd_helper.c:354:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unixtime.tm_min = atoi(cur+3);

data/libdbi-0.9.0/src/dbd_helper.c:355:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unixtime.tm_sec = atoi(cur+6);

data/libdbi-0.9.0/src/dbd_helper.c:381:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tz_mins = atoi(_tz_start+1);

data/libdbi-0.9.0/src/dbd_helper.c:383:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tz_hours = atoi(cur);

data/libdbi-0.9.0/src/dbd_helper.c:387:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tz_mins = atoi(cur+strlen(cur)-2);

data/libdbi-0.9.0/src/dbd_helper.c:391:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _tz_hours = atoi(cur);

data/libdbi-0.9.0/src/dbi_main.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullpath[FILENAME_MAX];

data/libdbi-0.9.0/src/dbi_main.c:635:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number_portion[20];

data/libdbi-0.9.0/src/dbi_main.c:1078:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char versionstring[VERSIONSTRING_LENGTH];

data/libdbi-0.9.0/src/dbi_main.c:1695:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char my_version[VERSIONSTRING_LENGTH];

data/libdbi-0.9.0/src/dbi_main.c:1717:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_version += atoi(dot+1) * n_multiplier;

data/libdbi-0.9.0/src/dbi_main.c:1724:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n_version += atoi(start) * n_multiplier;

data/libdbi-0.9.0/src/dbi_main.c:1806:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char win_errstr[512];

data/libdbi-0.9.0/src/dbi_main.c:1848:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(win_errstr, "error code 3(%d) while closing library", GetLastError());

data/libdbi-0.9.0/src/dbi_result.c:1328:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newblob, RESULT->rows[RESULT->currowidx]->field_values[fieldidx].d_string, size);

data/libdbi-0.9.0/drivers/example/dbd_example.c:161:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(example_encoding_hash[i], db_encoding, strlen(example_encoding_hash[i]))) {

data/libdbi-0.9.0/src/asprintf.c:22:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int total_width = strlen(format) + 1;

data/libdbi-0.9.0/src/asprintf.c:81:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  total_width += strlen(va_arg(ap, char*));

data/libdbi-0.9.0/src/dbd_helper.c:224:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  row->field_sizes[0] = strlen(stringarray[currow]);

data/libdbi-0.9.0/src/dbd_helper.c:332:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur) > 9 && attribs & DBI_DATETIME_DATE) {

data/libdbi-0.9.0/src/dbd_helper.c:333:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur) < 11) {

data/libdbi-0.9.0/src/dbd_helper.c:350:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (check_time && strlen(cur) > 7 && attribs & DBI_DATETIME_TIME) {

data/libdbi-0.9.0/src/dbd_helper.c:386:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur) > 2) { /* have minutes */

data/libdbi-0.9.0/src/dbd_helper.c:387:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tz_mins = atoi(cur+strlen(cur)-2);

data/libdbi-0.9.0/src/dbd_helper.c:388:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cur[strlen(cur)-2] = '\0';

data/libdbi-0.9.0/src/dbi_main.c:466:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newstr = malloc((strlen(orig)*2)+4+1); /* worst case, we have to escape every character and add 2*2 surrounding quotes */

data/libdbi-0.9.0/src/dbi_main.c:721:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newstr = malloc((strlen(orig)*2)+4+1); /* worst case, we have to escape every character and add 2*2 surrounding quotes */

data/libdbi-0.9.0/src/dbi_main.c:1707:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(my_version, version, VERSIONSTRING_LENGTH-1);

data/libdbi-0.9.0/src/dbi_main.c:1711:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (my_version[strlen(my_version)-1] == '.') {

data/libdbi-0.9.0/src/dbi_main.c:1712:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_version[strlen(my_version)-1] = '\0';

data/libdbi-0.9.0/src/dbi_result.c:681:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uflag = strlen(tokens[curidx]) > 1 && tokens[curidx][0] == 'u';

data/libdbi-0.9.0/src/dbi_result.c:682:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch (tokens[curidx][strlen(tokens[curidx])-1]) {

data/libdbi-0.9.0/src/dbi_result.c:754:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uflag = strlen(tokens[curidx]) > 1 && tokens[curidx][0] == 'u';

data/libdbi-0.9.0/src/dbi_result.c:755:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch (tokens[curidx][strlen(tokens[curidx])-1]) {

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 5913 in approximately 0.31 seconds (19230 lines/second)
Physical Source Lines of Code (SLOC) = 4262
Hits@level = [0]  16 [1]  19 [2]  19 [3]   1 [4]   8 [5]   0
Hits@level+ = [0+]  63 [1+]  47 [2+]  28 [3+]   9 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 14.7818 [1+] 11.0277 [2+] 6.56969 [3+] 2.11168 [4+] 1.87705 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
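Triage note on the level-4 hits above, with an added example that is not libdbi's code. The three sprintf() calls into the 512-byte static win_errstr (dbi_main.c:1814, 1820, 1835) embed a caller-supplied filename or symbol name with no bound, so a long name overruns the buffer; the fix is snprintf() with a truncation check. The vsprintf() at asprintf.c:94 is reached after the reported lines at asprintf.c:22 and :81 size the buffer from strlen(format) plus the strlen of each string argument, an estimate that ignores field widths and precisions; the portable fix is a two-pass vsnprintf(). The two vfprintf() and the two __attribute__((format)) declarations are wrappers, and the attribute itself is what lets GCC and Clang (-Wformat -Wformat-security) flag any caller that passes a non-literal format, which is the actual CWE-134 check to run on the callers. The names ERRSTR_LEN, format_load_error, safe_vasprintf and safe_asprintf are assumptions for this illustration, not libdbi's API:

```c
/* Added example (not libdbi code): bounded replacements for the unbounded
 * formatting calls Flawfinder reported in dbi_main.c and asprintf.c.
 * Names and sizes here are assumptions for illustration only. */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERRSTR_LEN 512   /* same size as the reported static win_errstr[512] */

/* dbi_main.c:1814 as reported:
 *   sprintf(win_errstr, "Error code 1(%d) while loading library %s",
 *           GetLastError(), filename);
 * With a fixed prefix of roughly 40 bytes, any filename near 470 bytes or
 * longer overruns the 512-byte buffer. snprintf() never writes past buflen
 * and always NUL-terminates. Returns true if the whole message fit, false
 * if it was truncated (buf is still a valid string either way). */
bool format_load_error(char *buf, size_t buflen, int err, const char *filename)
{
    if (buf == NULL || buflen == 0)
        return false;
    int n = snprintf(buf, buflen, "Error code 1(%d) while loading library %s",
                     err, filename);
    if (n < 0) {                 /* encoding error: leave an empty string */
        buf[0] = '\0';
        return false;
    }
    return (size_t)n < buflen;   /* n >= buflen means snprintf truncated */
}

/* asprintf.c:22/81/94 as reported size the buffer as strlen(format) plus the
 * strlen of each string argument and then call vsprintf(). That estimate
 * ignores widths and precisions such as "%5000s", so the final vsprintf
 * can overflow. Two-pass vsnprintf: measure with a NULL buffer, then
 * format into an exactly sized allocation. Returns the byte count written
 * or -1 on failure (with *result set to NULL). */
int safe_vasprintf(char **result, const char *format, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);                    /* the first pass consumes ap */
    int needed = vsnprintf(NULL, 0, format, ap);
    if (needed < 0) {
        va_end(ap2);
        *result = NULL;
        return -1;
    }
    char *buf = malloc((size_t)needed + 1);
    if (buf == NULL) {
        va_end(ap2);
        *result = NULL;
        return -1;
    }
    int written = vsnprintf(buf, (size_t)needed + 1, format, ap2);
    va_end(ap2);
    if (written != needed) {             /* defensive: the two passes must agree */
        free(buf);
        *result = NULL;
        return -1;
    }
    *result = buf;
    return written;
}

/* printf-style front end. The format attribute (the same one on
 * dbi_conn_queryf / dbi_conn_set_error in the report) makes the compiler
 * check callers' format strings and argument types. */
int safe_asprintf(char **result, const char *format, ...)
    __attribute__((format(printf, 2, 3)));

int safe_asprintf(char **result, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int n = safe_vasprintf(result, format, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char err[ERRSTR_LEN];
    char longname[600];                  /* constructed over-long filename */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    bool fit = format_load_error(err, sizeof err, 126, longname);
    printf("truncated=%d len=%zu\n", !fit, strlen(err));

    char *msg = NULL;
    int n = safe_asprintf(&msg, "%5000s|%d", "x", 42);  /* width the strlen estimate misses */
    printf("asprintf len=%d\n", n);
    free(msg);
    return 0;
}
```

The "%5000s" case is the one a strlen-based size estimate gets wrong: the argument is one byte, the output is 5000. Where the format is not under the caller's control, compile with -Wformat-security so the attribute-decorated wrappers report non-literal formats at build time instead of at runtime.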
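Triage note on the [2] (integer) atoi hits at dbd_helper.c:339-355, with an added example that is not libdbi's code. The reported lines read a "YYYY-MM-DD HH:MM:SS" string with atoi(cur), atoi(cur+5), atoi(cur+8) and so on, guarded only by strlen() checks; atoi() gives no error indication for non-digits, out-of-range values or overflow, so a field like "13" for the month or "99999999999" for the year lands in struct tm unchecked. The fixed-width digit check below, with a strtol() range test per field, is the pattern Flawfinder's advice asks for, and the same check applies to the timezone digits at :381-:391. The function names, the accepted layout (date with optional time, no timezone suffix handled here) and the return convention are assumptions for this illustration:

```c
/* Added example (not libdbi code): bounds-checked replacement for the
 * atoi() date/time field parsing reported at dbd_helper.c:339-355.
 * Layout accepted: "YYYY-MM-DD" or "YYYY-MM-DD HH:MM:SS" (assumption). */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Parse exactly `width` ASCII digits at p into *out, then check
 * lo <= *out <= hi. atoi() would silently accept "1x", leading whitespace,
 * a sign, or an overflowing value; every one of those is rejected here. */
static bool fixed_field(const char *p, size_t width, long lo, long hi, int *out)
{
    for (size_t i = 0; i < width; i++)
        if (p[i] < '0' || p[i] > '9')   /* also stops at a premature NUL */
            return false;
    char *end;
    errno = 0;
    long v = strtol(p, &end, 10);
    if (errno == ERANGE || end != p + width || v < lo || v > hi)
        return false;
    *out = (int)v;
    return true;
}

static int days_in_month(int year, int mon)
{
    static const int days[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    bool leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    return days[mon - 1] + (mon == 2 && leap ? 1 : 0);
}

/* Returns 1 for a valid date, 2 for a valid date and time, 0 on any error.
 * On success fills the same struct tm fields the reported code assigns
 * (tm_year is years since 1900, tm_mon is 0..11, as in the original). */
int parse_datetime_checked(const char *s, struct tm *out)
{
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_isdst = -1;
    int year, mon, mday;

    if (s == NULL || strlen(s) < 10)
        return 0;
    if (!fixed_field(s, 4, 1, 9999, &year) || s[4] != '-' ||
        !fixed_field(s + 5, 2, 1, 12, &mon) || s[7] != '-' ||
        !fixed_field(s + 8, 2, 1, 31, &mday))
        return 0;
    if (mday > days_in_month(year, mon))   /* e.g. 2019-02-29 */
        return 0;
    t.tm_year = year - 1900;
    t.tm_mon = mon - 1;
    t.tm_mday = mday;

    if (s[10] == '\0') {
        *out = t;
        return 1;
    }
    if (s[10] != ' ' || strlen(s + 11) != 8)
        return 0;
    const char *c = s + 11;
    int hour, min, sec;
    if (!fixed_field(c, 2, 0, 23, &hour) || c[2] != ':' ||
        !fixed_field(c + 3, 2, 0, 59, &min) || c[5] != ':' ||
        !fixed_field(c + 6, 2, 0, 60, &sec))   /* 60 allows a leap second */
        return 0;
    t.tm_hour = hour;
    t.tm_min = min;
    t.tm_sec = sec;
    *out = t;
    return 2;
}
```

Rejecting the bad value outright is the right call for driver input that comes from a database server: a caller that later passes the struct tm to timegm() or mktime() would otherwise get a silently normalised, wrong timestamp rather than an error.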