Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libkaz-1.21/dict.c
Examining data/libkaz-1.21/dict.h
Examining data/libkaz-1.21/except.c
Examining data/libkaz-1.21/except.h
Examining data/libkaz-1.21/hash.c
Examining data/libkaz-1.21/hash.h
Examining data/libkaz-1.21/list.c
Examining data/libkaz-1.21/list.h
Examining data/libkaz-1.21/sfx.c
Examining data/libkaz-1.21/sfx.h
Examining data/libkaz-1.21/tests/dict-1.cc
FINAL RESULTS:
data/libkaz-1.21/except.c:293:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, vl);
data/libkaz-1.21/dict.c:1283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char input_t[256];
data/libkaz-1.21/dict.c:1322:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, str, sz);
data/libkaz-1.21/dict.c:1562:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dictnum = atoi(tok1);
data/libkaz-1.21/dict.c:1575:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dict1 = atoi(tok1), dict2 = atoi(tok2);
data/libkaz-1.21/dict.c:1575:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dict1 = atoi(tok1), dict2 = atoi(tok2);
data/libkaz-1.21/except.c:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/libkaz-1.21/hash.c:856:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char input_t[256];
data/libkaz-1.21/hash.c:890:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, str, sz);
data/libkaz-1.21/list.c:782:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char input_t[256];
data/libkaz-1.21/list.c:821:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, str, sz);
data/libkaz-1.21/sfx.c:1150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr_buf[256];
data/libkaz-1.21/dict.c:1319:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = strlen(str) + 1;
data/libkaz-1.21/hash.c:887:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = strlen(str) + 1;
data/libkaz-1.21/list.c:818:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = strlen(str) + 1;
data/libkaz-1.21/sfx.c:79:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx->size = strlen((const char *) expr) + 1;
ANALYSIS SUMMARY:
Hits = 16
Lines analyzed = 6394 in approximately 0.19 seconds (34337 lines/second)
Physical Source Lines of Code (SLOC) = 4393
Hits@level = [0] 20 [1] 4 [2] 11 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 36 [1+] 16 [2+] 12 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 8.19486 [1+] 3.64216 [2+] 2.73162 [3+] 0.227635 [4+] 0.227635 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.