Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libuninum-2.7/nsdefs.h
Examining data/libuninum-2.7/uninum.h
Examining data/libuninum-2.7/exitcode.h
Examining data/libuninum-2.7/input.h
Examining data/libuninum-2.7/utf8error.h
Examining data/libuninum-2.7/numconv.c
Examining data/libuninum-2.7/uniio.c
Examining data/libuninum-2.7/wcgetline.c
Examining data/libuninum-2.7/ExplicateBadUTF8.c
Examining data/libuninum-2.7/binfmt.c
Examining data/libuninum-2.7/Examples/MinimalExample.c
Examining data/libuninum-2.7/Examples/NotQuiteAsMinimal.c
Examining data/libuninum-2.7/tcl_uninum_wrap.c
Examining data/libuninum-2.7/uninum.c
Examining data/libuninum-2.7/unicode.h

FINAL RESULTS:

data/libuninum-2.7/tcl_uninum_wrap.c:453:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,name);
data/libuninum-2.7/tcl_uninum_wrap.c:756:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c,ty->name);
data/libuninum-2.7/tcl_uninum_wrap.c:758:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c,(char *)"NULL");
data/libuninum-2.7/tcl_uninum_wrap.c:780:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,type->name);
data/libuninum-2.7/uninum.c:39:30:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  #define ucscpy(x,y) (UTF32 *)wcscpy((wchar_t *)x,(wchar_t *)y)
data/libuninum-2.7/uninum.c:40:30:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  #define ucscat(x,y) (UTF32 *)wcscat((wchar_t *)x,(wchar_t *)y)
data/libuninum-2.7/uninum.c:599:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(new,"%s","unlimited");
data/libuninum-2.7/uninum.c:7051:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tmp,"0%s",Number);
data/libuninum-2.7/numconv.c:54:1:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  getopt_long(int ac,
data/libuninum-2.7/numconv.c:60:10:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  return(getopt(ac,av,sopts));
data/libuninum-2.7/numconv.c:181:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  extern int getopt(int,char * const [],const char *);
data/libuninum-2.7/numconv.c:187:16:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (oc = getopt_long(ac,av,":B:b:cf:G:g:hi:IlLmo:s:t:v",opts,&lgoindex)) != EOF){
data/libuninum-2.7/ExplicateBadUTF8.c:42:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char TrailingBytesForUTF8[256] = {
data/libuninum-2.7/binfmt.c:45:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [CBITS+1];
data/libuninum-2.7/binfmt.c:60:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [SBITS+1];
data/libuninum-2.7/binfmt.c:75:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [IBITS+1];
data/libuninum-2.7/binfmt.c:90:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [LBITS+1];
data/libuninum-2.7/binfmt.c:105:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str [QBITS+1];
data/libuninum-2.7/numconv.c:145:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MSGSIZE+1];
data/libuninum-2.7/numconv.c:190:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Uninum_Input_Base = atoi(optarg);
data/libuninum-2.7/numconv.c:193:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Uninum_Output_Base = atoi(optarg);
data/libuninum-2.7/numconv.c:199:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Uninum_Output_General_Group_Size = atoi(optarg);
data/libuninum-2.7/numconv.c:202:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Uninum_Output_First_Group_Size = atoi(optarg);
data/libuninum-2.7/numconv.c:252:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infp = fopen(InputFileName,"r");
data/libuninum-2.7/numconv.c:262:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfp = fopen(OutputFileName,"w");
data/libuninum-2.7/tcl_uninum_wrap.c:404:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/libuninum-2.7/tcl_uninum_wrap.c:767:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[512];
data/libuninum-2.7/tcl_uninum_wrap.c:775:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[1024];
data/libuninum-2.7/tcl_uninum_wrap.c:809:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  obj = Tcl_NewStringObj((char *) constants[i].pvalue,-1);
data/libuninum-2.7/tcl_uninum_wrap.c:927:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[32];
data/libuninum-2.7/tcl_uninum_wrap.c:928:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp,"%d", argno+1);
data/libuninum-2.7/tcl_uninum_wrap.c:1272:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/libuninum-2.7/tcl_uninum_wrap.c:2084:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Tcl_CreateObjCommand(interp, (char *) swig_commands[i].name, (swig_wrapper_func) swig_commands[i].wrapper, swig_commands[i].clientdata, NULL);
data/libuninum-2.7/tcl_uninum_wrap.c:2087:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Tcl_SetVar(interp, (char *) swig_variables[i].name, (char *) "", TCL_GLOBAL_ONLY);
data/libuninum-2.7/tcl_uninum_wrap.c:2088:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Tcl_TraceVar(interp, (char *) swig_variables[i].name, TCL_TRACE_READS | TCL_GLOBAL_ONLY, (Tcl_VarTraceProc *) swig_variables[i].get, (ClientData) swig_variables[i].addr);
data/libuninum-2.7/tcl_uninum_wrap.c:2089:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Tcl_TraceVar(interp, (char *) swig_variables[i].name, TCL_TRACE_WRITES | TCL_GLOBAL_ONLY, (Tcl_VarTraceProc *) swig_variables[i].set, (ClientData) swig_variables[i].addr);
data/libuninum-2.7/uniio.c:90:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char TrailingBytesForUTF8[256] = {
data/libuninum-2.7/uniio.c:146:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char c[6];
data/libuninum-2.7/wcgetline.c:21:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char msg [MSGSIZE];
data/libuninum-2.7/tcl_uninum_wrap.c:180:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/libuninum-2.7/tcl_uninum_wrap.c:199:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/libuninum-2.7/tcl_uninum_wrap.c:452:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/libuninum-2.7/tcl_uninum_wrap.c:473:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/libuninum-2.7/tcl_uninum_wrap.c:478:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(r,name,lname+1);
data/libuninum-2.7/tcl_uninum_wrap.c:777:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((2*sz + 1 + strlen(type->name)) > 1000) return 0;
data/libuninum-2.7/tcl_uninum_wrap.c:1110:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int meth_len = strlen(meth->name);
data/libuninum-2.7/uniio.c:154:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  BytesRead = read(fd,(void *) c,1);
data/libuninum-2.7/uniio.c:162:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  BytesRead = read(fd,(void *) &c[BytesSoFar+1],(size_t) (BytesNeeded-BytesSoFar));
data/libuninum-2.7/uninum.c:38:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define ucslen(x) wcslen((wchar_t *) x)
data/libuninum-2.7/uninum.c:597:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new = malloc (sizeof(char) * (1 + strlen("unlimited")));
data/libuninum-2.7/uninum.c:7039:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MaxTenPower = strlen( Number) - 1;
data/libuninum-2.7/uninum.c:8030:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (NumberSystemList[i].type == (which? 2:1)) CharsNeeded += strlen(NumberSystemList[i].s);

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 11522 in approximately 0.26 seconds (44369 lines/second)
Physical Source Lines of Code (SLOC) = 9968
Hits@level = [0]  62 [1]  13 [2]  27 [3]   4 [4]   8 [5]   0
Hits@level+ = [0+] 114 [1+]  52 [2+]  39 [3+]  12 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 11.4366 [1+] 5.21669 [2+] 3.91252 [3+] 1.20385 [4+] 0.802568 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.