Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libvformat-1.13/common/types.h
Examining data/libvformat-1.13/vf_iface.h
Examining data/libvformat-1.13/src/vf_config.h
Examining data/libvformat-1.13/src/vf_internals.h
Examining data/libvformat-1.13/src/vf_malloc.h
Examining data/libvformat-1.13/src/vf_malloc_stdlib.h
Examining data/libvformat-1.13/src/vf_modified.h
Examining data/libvformat-1.13/src/vf_string_arrays.h
Examining data/libvformat-1.13/src/vf_strings.h
Examining data/libvformat-1.13/src/vf_access.c
Examining data/libvformat-1.13/src/vf_access_calendar.c
Examining data/libvformat-1.13/src/vf_access_wrappers.c
Examining data/libvformat-1.13/src/vf_create_object.c
Examining data/libvformat-1.13/src/vf_delete.c
Examining data/libvformat-1.13/src/vf_malloc.c
Examining data/libvformat-1.13/src/vf_malloc_stdlib.c
Examining data/libvformat-1.13/src/vf_modified.c
Examining data/libvformat-1.13/src/vf_reader.c
Examining data/libvformat-1.13/src/vf_search.c
Examining data/libvformat-1.13/src/vf_string_arrays.c
Examining data/libvformat-1.13/src/vf_strings.c
Examining data/libvformat-1.13/src/vf_parser.c
Examining data/libvformat-1.13/src/vf_writer.c
Examining data/libvformat-1.13/vformat/vf_iface.h
Examining data/libvformat-1.13/test/testsuppt.c
Examining data/libvformat-1.13/test/testsuppt.h
Examining data/libvformat-1.13/test/vformat.c
Examining data/libvformat-1.13/samples/split_phonebook.c
Examining data/libvformat-1.13/samples/split_phonebook.h

FINAL RESULTS:

data/libvformat-1.13/samples/split_phonebook.c:125:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s %s", p_givenname, p_familyname);
data/libvformat-1.13/samples/split_phonebook.c:130:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, p_familyname);
data/libvformat-1.13/samples/split_phonebook.c:135:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, p_givenname);
data/libvformat-1.13/samples/split_phonebook.c:145:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, p_fullname);
data/libvformat-1.13/samples/split_phonebook.c:153:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s\\%s.vcf", p_outdir, name);
data/libvformat-1.13/src/vf_strings.c:162:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(p_string1, p_string2);
data/libvformat-1.13/src/vf_strings.c:229:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  return strcat(p_string1, p_string2);
data/libvformat-1.13/src/vf_writer.c:231:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, szEndOfLine);
data/libvformat-1.13/src/vf_writer.c:303:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, szEndOfLine);
data/libvformat-1.13/src/vf_writer.c:308:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, szEndOfLine);
data/libvformat-1.13/src/vf_writer.c:384:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, szEndOfLine);
data/libvformat-1.13/src/vf_writer.c:391:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, szEndOfLine);
data/libvformat-1.13/src/vf_writer.c:431:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, szEndOfLine);
data/libvformat-1.13/src/vf_writer.c:443:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, szEndOfLine);
data/libvformat-1.13/test/testsuppt.c:129:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pattern, "%s//%s", p_dirname, p_pattern);
data/libvformat-1.13/test/testsuppt.c:149:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p_name, "%s//%s", p_enum->p_dirname, p_enum->fd.cFileName);
data/libvformat-1.13/test/testsuppt.c:162:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p_name, "%s", p_enum->h.gl_pathv[0]);
data/libvformat-1.13/test/testsuppt.c:210:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p_name, "%s//%s", p_enum->p_dirname, p_enum->fd.cFileName);
data/libvformat-1.13/test/testsuppt.c:218:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p_name, "%s", p_enum->h.gl_pathv[ts_nextfile++]);
data/libvformat-1.13/test/vformat.c:847:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p_outfile, p_infile);
data/libvformat-1.13/test/vformat.c:855:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p_found_subscript, p_subscript);
data/libvformat-1.13/samples/split_phonebook.c:114:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/libvformat-1.13/samples/split_phonebook.c:151:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[_MAX_PATH];
data/libvformat-1.13/src/vf_access_calendar.c:141:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[256];
data/libvformat-1.13/src/vf_access_calendar.c:145:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(value, "%4d%02d%02dT%02d%02d%02d",
data/libvformat-1.13/src/vf_access_calendar.c:155:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(value, "%4d%02d%02d",
data/libvformat-1.13/src/vf_access_calendar.c:497:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(p_string + p_strlen(p_string), "%lu%c", (unsigned long)value, symbol);
data/libvformat-1.13/src/vf_parser.c:971:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[3];
data/libvformat-1.13/src/vf_reader.c:166:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(p_name, "rb");
data/libvformat-1.13/src/vf_reader.c:170:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PARSEBUFSIZE];
data/libvformat-1.13/src/vf_reader.c:237:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(p_filename, "rb");
data/libvformat-1.13/src/vf_strings.c:419:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p_destination, p_source, length);
data/libvformat-1.13/src/vf_writer.c:176:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(p_name, "wb");
data/libvformat-1.13/src/vf_writer.c:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quad[5];
data/libvformat-1.13/test/testsuppt.c:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[_MAX_PATH];
data/libvformat-1.13/test/testsuppt.c:353:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(p_name, "rb");
data/libvformat-1.13/test/vformat.c:123:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void check_extract_fields(const char *filename, const char *p_array[3]);
data/libvformat-1.13/test/vformat.c:123:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void check_extract_fields(const char *filename, const char *p_array[3]);
data/libvformat-1.13/test/vformat.c:139:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *pp_tel_fields[3] =
data/libvformat-1.13/test/vformat.c:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[_MAX_PATH];
data/libvformat-1.13/test/vformat.c:271:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile_1[_MAX_PATH];
data/libvformat-1.13/test/vformat.c:272:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile_2[_MAX_PATH];
data/libvformat-1.13/test/vformat.c:332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[LINELENGTH];
data/libvformat-1.13/test/vformat.c:336:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(title + 2, filename, strlen(filename));
data/libvformat-1.13/test/vformat.c:431:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[80];
data/libvformat-1.13/test/vformat.c:449:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "[%d tests, %d errors, %d warnings]",
data/libvformat-1.13/test/vformat.c:472:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *filename,
data/libvformat-1.13/test/vformat.c:473:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *p_array[3]
data/libvformat-1.13/test/vformat.c:644:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAXBASE64ENC+1];
data/libvformat-1.13/test/vformat.c:778:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[256];
data/libvformat-1.13/src/vf_reader.c:178:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  charsread = read(fileno(fp), buffer, sizeof(buffer));
data/libvformat-1.13/src/vf_reader.c:241:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((int)buf.st_size == read(fileno(fp), p_data, buf.st_size))
data/libvformat-1.13/src/vf_strings.c:127:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(p_string);
data/libvformat-1.13/test/testsuppt.c:357:44:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (p->size == (size_t)read(fileno(fp), p->p_data, p->size))
data/libvformat-1.13/test/vformat.c:336:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(title + 2, filename, strlen(filename));

ANALYSIS SUMMARY:

Hits = 55
Lines analyzed = 10643 in approximately 0.37 seconds (28382 lines/second)
Physical Source Lines of Code (SLOC) = 4203
Hits@level = [0]  44 [1]   5 [2]  29 [3]   0 [4]  21 [5]   0
Hits@level+ = [0+]  99 [1+]  55 [2+]  50 [3+]  21 [4+]  21 [5+]   0
Hits/KSLOC@level+ = [0+] 23.5546 [1+] 13.0859 [2+] 11.8963 [3+] 4.99643 [4+] 4.99643 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.