Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnxml-0.18.3/src/nxml_download.c
Examining data/libnxml-0.18.3/src/nxml_init.c
Examining data/libnxml-0.18.3/src/nxml_error.c
Examining data/libnxml-0.18.3/src/nxml_free.c
Examining data/libnxml-0.18.3/src/nxml_write.c
Examining data/libnxml-0.18.3/src/nxml_edit.c
Examining data/libnxml-0.18.3/src/nxml_utf.c
Examining data/libnxml-0.18.3/src/nxml_string.c
Examining data/libnxml-0.18.3/src/nxml_easy.c
Examining data/libnxml-0.18.3/src/nxml_tools.c
Examining data/libnxml-0.18.3/src/nxml_namespace.c
Examining data/libnxml-0.18.3/src/nxml.h
Examining data/libnxml-0.18.3/src/nxml_internal.h
Examining data/libnxml-0.18.3/src/nxml_parser.c
Examining data/libnxml-0.18.3/test/easy.c
Examining data/libnxml-0.18.3/test/namespace.c
Examining data/libnxml-0.18.3/test/parser.c
Examining data/libnxml-0.18.3/test/write.c
Examining data/libnxml-0.18.3/test/new.c
FINAL RESULTS:
data/libnxml-0.18.3/src/nxml_init.c:406:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, str, va);
data/libnxml-0.18.3/src/nxml_write.c:353:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf ((FILE *) obj, str, va);
data/libnxml-0.18.3/src/nxml_write.c:366:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf (s, sizeof (s), str, va);
data/libnxml-0.18.3/src/nxml_write.c:374:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (*buffer, s);
data/libnxml-0.18.3/src/nxml_write.c:383:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (*buffer, s);
data/libnxml-0.18.3/test/parser.c:10:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, str, va);
data/libnxml-0.18.3/src/nxml_download.c:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(mem->mm[mem->size]), ptr, realsize);
data/libnxml-0.18.3/src/nxml_free.c:179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&priv, &data->priv, sizeof (__nxml_private_t));
data/libnxml-0.18.3/src/nxml_free.c:181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&data->priv, &priv, sizeof (__nxml_private_t));
data/libnxml-0.18.3/src/nxml_parser.c:113:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnxml-0.18.3/src/nxml_parser.c:125:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last = atoi (buf);
data/libnxml-0.18.3/src/nxml_parser.c:143:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnxml-0.18.3/src/nxml_parser.c:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr[1024];
data/libnxml-0.18.3/src/nxml_parser.c:201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&attr[0], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:209:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&attr[i], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/libnxml-0.18.3/src/nxml_parser.c:433:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&name[0], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:441:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&name[i], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:529:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/libnxml-0.18.3/src/nxml_parser.c:546:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&str[0], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:554:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&str[i], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:878:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/libnxml-0.18.3/src/nxml_parser.c:896:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&str[0], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:904:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&str[i], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:953:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/libnxml-0.18.3/src/nxml_parser.c:1000:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&str[0], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:1008:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&str[i], *buffer, byte);
data/libnxml-0.18.3/src/nxml_parser.c:1437:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file, O_RDONLY)) < 0)
data/libnxml-0.18.3/src/nxml_string.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (st->string + st->size, what, size);
data/libnxml-0.18.3/src/nxml_tools.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (attr, *buffer, i);
data/libnxml-0.18.3/src/nxml_utf.c:100:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret[j], x, b); \
data/libnxml-0.18.3/src/nxml_utf.c:169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[2];
data/libnxml-0.18.3/src/nxml_utf.c:182:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[3];
data/libnxml-0.18.3/src/nxml_utf.c:196:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[4];
data/libnxml-0.18.3/src/nxml_utf.c:211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[5];
data/libnxml-0.18.3/src/nxml_utf.c:285:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[2];
data/libnxml-0.18.3/src/nxml_utf.c:298:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[3];
data/libnxml-0.18.3/src/nxml_utf.c:312:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[4];
data/libnxml-0.18.3/src/nxml_utf.c:327:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[5];
data/libnxml-0.18.3/src/nxml_write.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnxml-0.18.3/src/nxml_write.c:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4096];
data/libnxml-0.18.3/src/nxml_write.c:398:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fl = fopen (file, "wb")))
data/libnxml-0.18.3/test/new.c:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/libnxml-0.18.3/src/nxml_namespace.c:168:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (e->name);
data/libnxml-0.18.3/src/nxml_namespace.c:199:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *a = strdup (e->name + strlen (list->ns->prefix) + 1);
data/libnxml-0.18.3/src/nxml_namespace.c:231:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (e->value);
data/libnxml-0.18.3/src/nxml_namespace.c:261:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *a = strdup (e->value + strlen (list->ns->prefix) + 1);
data/libnxml-0.18.3/src/nxml_parser.c:121:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, buffer + i + 2, last);
data/libnxml-0.18.3/src/nxml_parser.c:151:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, buffer + i + 1, last);
data/libnxml-0.18.3/src/nxml_parser.c:159:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (entity->entity));
data/libnxml-0.18.3/src/nxml_parser.c:168:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen (entity->name) + 1;
data/libnxml-0.18.3/src/nxml_parser.c:277:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(v = __nxml_parse_string (doc, value, strlen (value))))
data/libnxml-0.18.3/src/nxml_parser.c:348:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, *buffer, i);
data/libnxml-0.18.3/src/nxml_parser.c:636:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (value);
data/libnxml-0.18.3/src/nxml_parser.c:1197:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r_size = strlen (r_buffer);
data/libnxml-0.18.3/src/nxml_parser.c:1447:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ret = read (fd, buffer + len, st.st_size - len)) <= 0)
data/libnxml-0.18.3/src/nxml_string.c:38:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (str);
data/libnxml-0.18.3/src/nxml_string.c:101:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (what);
data/libnxml-0.18.3/src/nxml_tools.c:121:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (tmp);
data/libnxml-0.18.3/src/nxml_write.c:42:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/libnxml-0.18.3/src/nxml_write.c:379:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof (char) * (strlen (*buffer) +
ANALYSIS SUMMARY:
Hits = 61
Lines analyzed = 6070 in approximately 0.21 seconds (29586 lines/second)
Physical Source Lines of Code (SLOC) = 3882
Hits@level = [0] 57 [1] 18 [2] 37 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 118 [1+] 61 [2+] 43 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 30.3967 [1+] 15.7135 [2+] 11.0768 [3+] 1.5456 [4+] 1.5456 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.