Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/md4c-0.4.6/md2html/cmdline.c
Examining data/md4c-0.4.6/md2html/cmdline.h
Examining data/md4c-0.4.6/md2html/md2html.c
Examining data/md4c-0.4.6/src/entity.c
Examining data/md4c-0.4.6/src/entity.h
Examining data/md4c-0.4.6/src/md4c-html.c
Examining data/md4c-0.4.6/src/md4c-html.h
Examining data/md4c-0.4.6/src/md4c.c
Examining data/md4c-0.4.6/src/md4c.h

FINAL RESULTS:

data/md4c-0.4.6/md2html/cmdline.c:33:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
#define snprintf _snprintf

data/md4c-0.4.6/md2html/cmdline.c:33:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
#define snprintf _snprintf

data/md4c-0.4.6/src/md4c-html.c:45:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
#define snprintf _snprintf

data/md4c-0.4.6/src/md4c-html.c:45:22:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
#define snprintf _snprintf

data/md4c-0.4.6/md2html/cmdline.c:60:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char badoptname[3];

data/md4c-0.4.6/md2html/cmdline.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char auxbuf[CMDLINE_AUXBUF_SIZE+1];

data/md4c-0.4.6/md2html/md2html.c:99:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buf->data + buf->size, data, size);

data/md4c-0.4.6/md2html/md2html.c:354:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
in = fopen(input_path, "rb");

data/md4c-0.4.6/md2html/md2html.c:361:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
out = fopen(output_path, "wt");

data/md4c-0.4.6/src/md4c-html.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char escape_map[256];

data/md4c-0.4.6/src/md4c-html.c:137:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char hex[3];

data/md4c-0.4.6/src/md4c-html.c:174:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char utf8[4];

data/md4c-0.4.6/src/md4c-html.c:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[64];

data/md4c-0.4.6/src/md4c.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mark_char_map[128];

data/md4c-0.4.6/src/md4c.c:135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mark_char_map[256];

data/md4c-0.4.6/src/md4c.c:702:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(info->codepoints, codepoints, sizeof(unsigned) * n_codepoints);

data/md4c-0.4.6/src/md4c.c:1425:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(build->text + off, raw_text + raw_off, 1);

data/md4c-0.4.6/src/md4c.c:1436:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(build->text + off, raw_text + raw_off, ent_end - raw_off);

data/md4c-0.4.6/src/md4c.c:2559:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(mark, &ptr, sizeof(void*));

data/md4c-0.4.6/src/md4c.c:2568:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&ptr, mark, sizeof(void*));

data/md4c-0.4.6/src/md4c.c:3666:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(dummy, mark, sizeof(MD_MARK));

data/md4c-0.4.6/src/md4c.c:4260:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(ctx->buffer,

data/md4c-0.4.6/src/md4c.c:4263:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(ctx->buffer + 7, dest, (dest_size-7) * sizeof(CHAR));

data/md4c-0.4.6/src/md4c.c:5489:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&ctx->containers[ctx->n_containers++], container, sizeof(MD_CONTAINER));

data/md4c-0.4.6/src/md4c.c:6236:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buffer[256];

data/md4c-0.4.6/src/md4c.c:6237:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Alloced %u bytes for block buffer.",

data/md4c-0.4.6/src/md4c.c:6241:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Alloced %u bytes for containers buffer.",

data/md4c-0.4.6/src/md4c.c:6245:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Alloced %u bytes for marks buffer.",

data/md4c-0.4.6/src/md4c.c:6249:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Alloced %u bytes for aux. buffer.",

data/md4c-0.4.6/src/md4c.c:6280:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&ctx.parser, parser, sizeof(MD_PARSER));

data/md4c-0.4.6/md2html/cmdline.c:113:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(opt->longname);

data/md4c-0.4.6/md2html/cmdline.c:125:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(opt->longname);

data/md4c-0.4.6/md2html/cmdline.c:187:29:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(auxbuf, badoptname, len);

data/md4c-0.4.6/src/md4c-html.c:82:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
render_verbatim((r), (verbatim), (MD_SIZE) (strlen(verbatim)))

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 10309 in approximately 0.33 seconds (31646 lines/second)
Physical Source Lines of Code (SLOC) = 7759
Hits@level = [0]  25 [1]   4 [2]  26 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  59 [1+]  34 [2+]  30 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 7.60407 [1+] 4.38201 [2+] 3.86648 [3+] 0.51553 [4+] 0.51553 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
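Added example, not part of the Flawfinder report and not md4c's code. The [1] strncpy hit at cmdline.c:187 and the four [4] snprintf/_snprintf hits share one caveat in their messages: these copies do not always \0-terminate. The constructed C below copies strings of varying length into a 3-byte buffer (the size of the flagged `char badoptname[3]`), first with strncpy exactly as the flagged pattern does, then with C99 snprintf and a constant format string, which always writes a terminator when the buffer is non-empty and signals truncation through its return value. The inputs are constructed and the function names are this example's own. It makes no claim that md4c's uses are reachable with over-long input; it shows what to verify when triaging hits of this kind. MSVC's `_snprintf`, which the flagged `#define snprintf _snprintf` lines substitute on Windows builds, leaves no terminator on truncation just as strncpy does, which is why the report treats that macro as worth a look; the demonstration here uses strncpy for the unsafe side so it runs on any C99 toolchain.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe side (constructed): copy src into a dst_size-byte buffer with
 * strncpy, the pattern Flawfinder flags at cmdline.c:187, and report whether
 * the result is NUL-terminated. Returns 1 if a terminator is present, 0 if
 * strncpy filled every byte and left none, -1 if dst_size is unsupported. */
int strncpy_leaves_terminator(const char *src, size_t dst_size)
{
    char dst[64];
    if (dst_size == 0 || dst_size > sizeof dst)
        return -1;
    memset(dst, 'X', sizeof dst);      /* poison so a missing NUL is visible */
    strncpy(dst, src, dst_size);       /* pads with NUL only if src is shorter */
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Hardened side: C99 snprintf with a constant format ("%s", so the format can
 * never be attacker-influenced, CWE-134) always terminates when dst_size > 0
 * and returns the length the full output would have had.
 * Returns 0 if src fit, 1 if it was truncated (dst is still terminated),
 * -1 on error or an empty destination. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    int n = snprintf(dst, dst_size, "%s", src);
    if (n < 0)
        return -1;
    return (size_t)n >= dst_size;      /* 1 = truncated, 0 = fit */
}

/* Same check against a 3-byte buffer, mirroring `char badoptname[3]`.
 * Returns 0 fit, 1 truncated but terminated, -1 if no terminator was written
 * (which C99 snprintf never does; the check is here to prove it). */
int bounded_copy3_status(const char *src)
{
    char dst[3];
    memset(dst, 'X', sizeof dst);
    int rc = bounded_copy(dst, sizeof dst, src);
    if (rc < 0 || memchr(dst, '\0', sizeof dst) == NULL)
        return -1;
    return rc;
}

int main(void)
{
    /* Constructed inputs: one that fits, two that do not. */
    const char *inputs[] = { "-x", "abc", "--long-option" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char out[3];
        int term = strncpy_leaves_terminator(inputs[i], sizeof out);
        int rc = bounded_copy(out, sizeof out, inputs[i]);
        printf("%-14s strncpy terminated: %-3s | snprintf: %-9s -> \"%s\"\n",
               inputs[i], term == 1 ? "yes" : "NO",
               rc == 1 ? "truncated" : "fit", out);
    }
    return 0;
}
```

Reading the output side by side is the triage step: for each flagged copy, find the bound on the source length at that call site (for cmdline.c:187 that is the `len` argument relative to `auxbuf`'s size) and confirm either that the source is provably shorter than the destination or that the code terminates the buffer itself afterwards.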