Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libvterm-0.1.4/bin/unterm.c
Examining data/libvterm-0.1.4/bin/vterm-ctrl.c
Examining data/libvterm-0.1.4/bin/vterm-dump.c
Examining data/libvterm-0.1.4/src/unicode.c
Examining data/libvterm-0.1.4/src/utf8.h
Examining data/libvterm-0.1.4/src/parser.c
Examining data/libvterm-0.1.4/src/rect.h
Examining data/libvterm-0.1.4/src/vterm.c
Examining data/libvterm-0.1.4/src/encoding.c
Examining data/libvterm-0.1.4/src/state.c
Examining data/libvterm-0.1.4/src/vterm_internal.h
Examining data/libvterm-0.1.4/src/mouse.c
Examining data/libvterm-0.1.4/src/screen.c
Examining data/libvterm-0.1.4/src/pen.c
Examining data/libvterm-0.1.4/src/keyboard.c
Examining data/libvterm-0.1.4/t/harness.c
Examining data/libvterm-0.1.4/include/vterm.h
Examining data/libvterm-0.1.4/include/vterm_keycodes.h

FINAL RESULTS:

data/libvterm-0.1.4/bin/unterm.c:122:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(!i ? "%d" :

data/libvterm-0.1.4/bin/vterm-dump.c:135:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(i ? "," : " ");

data/libvterm-0.1.4/src/state.c:1543:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur += snprintf(vt->tmpbuffer + cur, vt->tmpbuffer_len - cur,

data/libvterm-0.1.4/src/state.c:1549:20:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur += snprintf(vt->tmpbuffer + cur, vt->tmpbuffer_len - cur,

data/libvterm-0.1.4/src/state.c:1558:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur += snprintf(vt->tmpbuffer + cur, vt->tmpbuffer_len - cur,

data/libvterm-0.1.4/src/vterm.c:142:16:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  size_t len = vsnprintf(vt->tmpbuffer, vt->tmpbuffer_len,

data/libvterm-0.1.4/src/vterm.c:161:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur = snprintf(vt->tmpbuffer, vt->tmpbuffer_len,

data/libvterm-0.1.4/src/vterm.c:172:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur += vsnprintf(vt->tmpbuffer + cur, vt->tmpbuffer_len - cur,

data/libvterm-0.1.4/src/vterm.c:186:10:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur += snprintf(vt->tmpbuffer + cur, vt->tmpbuffer_len - cur,

data/libvterm-0.1.4/src/vterm.c:194:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur += vsnprintf(vt->tmpbuffer + cur, vt->tmpbuffer_len - cur,

data/libvterm-0.1.4/src/vterm.c:201:10:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cur += snprintf(vt->tmpbuffer + cur, vt->tmpbuffer_len - cur,

data/libvterm-0.1.4/src/vterm_internal.h:15:25:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define DEBUG_LOG(...) fprintf(stderr, __VA_ARGS__)

data/libvterm-0.1.4/t/harness.c:103:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(i ? ",%x" : "%x", b);

data/libvterm-0.1.4/t/harness.c:275:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(i ? ",%x" : "%x", info->chars[i]);

data/libvterm-0.1.4/t/harness.c:400:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(col == rect.start_col ? "%02X" : " %02X", cell.chars[0]);

data/libvterm-0.1.4/t/harness.c:620:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(i ? ",%x" : "%x", cp[i]);

data/libvterm-0.1.4/t/harness.c:936:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(err ? "?\n" : "DONE\n");

data/libvterm-0.1.4/bin/unterm.c:206:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((opt = getopt(argc, argv, "f:l:c:")) != -1) {

data/libvterm-0.1.4/bin/vterm-dump.c:185:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((opt = getopt(argc, argv, "c")) != -1) {

data/libvterm-0.1.4/bin/unterm.c:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[6];

data/libvterm-0.1.4/bin/unterm.c:220:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atoi(optarg);

data/libvterm-0.1.4/bin/unterm.c:226:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cols = atoi(optarg);

data/libvterm-0.1.4/bin/unterm.c:234:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(file, O_RDONLY);

data/libvterm-0.1.4/bin/unterm.c:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];

data/libvterm-0.1.4/bin/vterm-ctrl.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char csi[32];

data/libvterm-0.1.4/bin/vterm-ctrl.c:124:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dcs[32];

data/libvterm-0.1.4/bin/vterm-dump.c:197:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, O_RDONLY);

data/libvterm-0.1.4/bin/vterm-dump.c:215:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];

data/libvterm-0.1.4/src/keyboard.c:17:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[6];

data/libvterm-0.1.4/src/mouse.c:25:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8[18]; size_t len = 0;

data/libvterm-0.1.4/src/parser.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq[INTERMED_MAX+1];

data/libvterm-0.1.4/src/state.c:145:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_chars, state->combine_chars, state->combine_chars_size * sizeof(new_chars[0]));

data/libvterm-0.1.4/src/state.c:521:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strvalue[len+1];

data/libvterm-0.1.4/src/vterm.c:136:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vt->outbuffer + vt->outbuffer_cur, bytes, len);

data/libvterm-0.1.4/src/vterm.c:230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, vt->outbuffer, len);

data/libvterm-0.1.4/src/vterm_internal.h:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[4*sizeof(uint32_t)];

data/libvterm-0.1.4/src/vterm_internal.h:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intermed[INTERMED_MAX];

data/libvterm-0.1.4/src/vterm_internal.h:177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char csi_leader[CSI_LEADER_MAX];

data/libvterm-0.1.4/t/harness.c:459:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024] = {0};

data/libvterm-0.1.4/t/harness.c:930:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbuff[outlen];

data/libvterm-0.1.4/bin/unterm.c:250:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((len = read(fd, buffer, sizeof(buffer))) > 0) {

data/libvterm-0.1.4/bin/vterm-ctrl.c:88:14:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = getchar())) {

data/libvterm-0.1.4/bin/vterm-ctrl.c:109:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char c = csi[i] = getchar();

data/libvterm-0.1.4/bin/vterm-ctrl.c:128:14:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char c = getchar();

data/libvterm-0.1.4/bin/vterm-ctrl.c:224:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(s) < strlen(cmd))

data/libvterm-0.1.4/bin/vterm-ctrl.c:224:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(s) < strlen(cmd))

data/libvterm-0.1.4/bin/vterm-ctrl.c:226:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strcmp(s + strlen(s) - strlen(cmd), cmd) != 0) {

data/libvterm-0.1.4/bin/vterm-ctrl.c:226:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strcmp(s + strlen(s) - strlen(cmd), cmd) != 0) {

data/libvterm-0.1.4/bin/vterm-dump.c:216:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((len = read(fd, buffer, sizeof(buffer))) > 0) {

data/libvterm-0.1.4/src/parser.c:53:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(seq, vt->parser.intermed, len);

data/libvterm-0.1.4/src/parser.c:72:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(vt->parser.strbuffer + vt->parser.strbuffer_cur, str, len);

data/libvterm-0.1.4/src/state.c:522:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(strvalue, str, len);

data/libvterm-0.1.4/t/harness.c:8:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define strstartswith(a,b) (!strncmp(a,b,strlen(b)))

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 7745 in approximately 0.20 seconds (39526 lines/second)
Physical Source Lines of Code (SLOC) = 5976
Hits@level = [0] 202 [1] 13 [2] 21 [3] 2 [4] 17 [5] 0
Hits@level+ = [0+] 255 [1+] 53 [2+] 40 [3+] 19 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 42.6707 [1+] 8.86881 [2+] 6.69344 [3+] 3.17938 [4+] 2.84471 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.