Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mescc-tools-1.0.1/blood-elf.c
Examining data/mescc-tools-1.0.1/catm.c
Examining data/mescc-tools-1.0.1/examples/M0-macro.c
Examining data/mescc-tools-1.0.1/examples/hex1.c
Examining data/mescc-tools-1.0.1/examples/hex2.c
Examining data/mescc-tools-1.0.1/functions/file_print.c
Examining data/mescc-tools-1.0.1/functions/in_set.c
Examining data/mescc-tools-1.0.1/functions/match.c
Examining data/mescc-tools-1.0.1/functions/require.c
Examining data/mescc-tools-1.0.1/functions/string.c
Examining data/mescc-tools-1.0.1/functions/numerate_number.c
Examining data/mescc-tools-1.0.1/get_machine.c
Examining data/mescc-tools-1.0.1/hex2_linker.c
Examining data/mescc-tools-1.0.1/kaem.c
Examining data/mescc-tools-1.0.1/M1-macro.c

FINAL RESULTS:

data/mescc-tools-1.0.1/hex2_linker.c:701:11: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if(0 != chmod(output_file, 488))
data/mescc-tools-1.0.1/M1-macro.c:814:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  source_file = fopen(filename, "r");
data/mescc-tools-1.0.1/M1-macro.c:829:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  destination_file = fopen(argv[option_index + 1], "w");
data/mescc-tools-1.0.1/blood-elf.c:107:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* source_file = fopen(input->name, "r");
data/mescc-tools-1.0.1/blood-elf.c:311:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output = fopen(output_file, "w");
data/mescc-tools-1.0.1/catm.c:35:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int output = open(argv[1], 577 , 384);
data/mescc-tools-1.0.1/catm.c:50:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = open(argv[i], 0, 0);
data/mescc-tools-1.0.1/examples/M0-macro.c:211:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char table[16] = {0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46};
data/mescc-tools-1.0.1/examples/M0-macro.c:293:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(c, "%04x", value);
data/mescc-tools-1.0.1/examples/M0-macro.c:326:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  source_file = fopen(argv[1], "r");
data/mescc-tools-1.0.1/examples/hex1.c:159:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  source_file = fopen(argv[1], "r");
data/mescc-tools-1.0.1/examples/hex2.c:271:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[1], "r");
data/mescc-tools-1.0.1/examples/hex2.c:272:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output = fopen(argv[2], "w");
data/mescc-tools-1.0.1/hex2_linker.c:488:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* source_file = fopen(filename, "r");
data/mescc-tools-1.0.1/hex2_linker.c:538:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* source_file = fopen(filename, "r");
data/mescc-tools-1.0.1/hex2_linker.c:655:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output = fopen(output_file, "w");
data/mescc-tools-1.0.1/kaem.c:217:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  t = fopen(trial, "r");
data/mescc-tools-1.0.1/kaem.c:691:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  script = fopen(filename, "r");
data/mescc-tools-1.0.1/M1-macro.c:199:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/M1-macro.c:203:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/M1-macro.c:231:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = fgetc(source_file);
data/mescc-tools-1.0.1/M1-macro.c:262:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = fgetc(source_file);
data/mescc-tools-1.0.1/M1-macro.c:295:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/blood-elf.c:56:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/blood-elf.c:63:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/blood-elf.c:85:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/blood-elf.c:89:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/blood-elf.c:95:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/blood-elf.c:98:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/blood-elf.c:118:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/blood-elf.c:118:44: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/catm.c:59:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytes = read(input, buffer, BUFFER_SIZE);
data/mescc-tools-1.0.1/examples/M0-macro.c:75:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/M0-macro.c:78:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/M0-macro.c:91:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = fgetc(source_file);
data/mescc-tools-1.0.1/examples/M0-macro.c:108:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = fgetc(source_file);
data/mescc-tools-1.0.1/examples/M0-macro.c:118:6: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/hex1.c:32:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/hex1.c:39:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/hex1.c:49:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/hex1.c:52:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/hex1.c:86:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/examples/hex1.c:86:44: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/examples/hex1.c:97:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/hex1.c:118:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/examples/hex1.c:118:44: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/examples/hex1.c:122:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/examples/hex2.c:58:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(input);
data/mescc-tools-1.0.1/examples/hex2.c:63:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/mescc-tools-1.0.1/examples/hex2.c:74:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/mescc-tools-1.0.1/examples/hex2.c:192:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(input);
data/mescc-tools-1.0.1/examples/hex2.c:195:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/mescc-tools-1.0.1/examples/hex2.c:231:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(input); EOF != c; c = fgetc(input))
data/mescc-tools-1.0.1/examples/hex2.c:231:38: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(input); EOF != c; c = fgetc(input))
data/mescc-tools-1.0.1/examples/hex2.c:257:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(input); EOF != c; c = fgetc(input))
data/mescc-tools-1.0.1/examples/hex2.c:257:38: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(input); EOF != c; c = fgetc(input))
data/mescc-tools-1.0.1/hex2_linker.c:99:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/hex2_linker.c:104:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/hex2_linker.c:117:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/hex2_linker.c:361:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(source_file);
data/mescc-tools-1.0.1/hex2_linker.c:365:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(source_file);
data/mescc-tools-1.0.1/hex2_linker.c:500:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/hex2_linker.c:500:44: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/hex2_linker.c:553:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/hex2_linker.c:553:44: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(c = fgetc(source_file); EOF != c; c = fgetc(source_file))
data/mescc-tools-1.0.1/kaem.c:67:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/mescc-tools-1.0.1/kaem.c:84:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/mescc-tools-1.0.1/kaem.c:109:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/mescc-tools-1.0.1/kaem.c:140:4: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fgetc(input);

ANALYSIS SUMMARY:

Hits = 69
Lines analyzed = 3999 in approximately 0.15 seconds (26891 lines/second)
Physical Source Lines of Code (SLOC) = 3186
Hits@level = [0] 7 [1] 51 [2] 17 [3] 0 [4] 0 [5] 1
Hits@level+ = [0+] 76 [1+] 69 [2+] 18 [3+] 1 [4+] 1 [5+] 1
Hits/KSLOC@level+ = [0+] 23.8544 [1+] 21.6573 [2+] 5.64972 [3+] 0.313873 [4+] 0.313873 [5+] 0.313873
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.