Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mk-configure-0.33.0/builtins/easy.c
Examining data/mk-configure-0.33.0/builtins/easy.cc
Examining data/mk-configure-0.33.0/examples/check_compiler_opts/hello_world.c
Examining data/mk-configure-0.33.0/examples/fts/fts.c
Examining data/mk-configure-0.33.0/examples/hello_RBTREE/hello_RBTREE.c
Examining data/mk-configure-0.33.0/examples/hello_SLIST/hello_SLIST.c
Examining data/mk-configure-0.33.0/examples/hello_TARGETS/hello1/hello1.c
Examining data/mk-configure-0.33.0/examples/hello_TARGETS/hello2/hello2.c
Examining data/mk-configure-0.33.0/examples/hello_autoconf/proj/hello_autoconf.c
Examining data/mk-configure-0.33.0/examples/hello_autotools/proj/main.c
Examining data/mk-configure-0.33.0/examples/hello_compatlib/prog1/prog1.c
Examining data/mk-configure-0.33.0/examples/hello_compatlib/prog2/prog2.c
Examining data/mk-configure-0.33.0/examples/hello_compilers/compiler_test.c
Examining data/mk-configure-0.33.0/examples/hello_customtests/custom_tests/alloca_in_alloca_h.c
Examining data/mk-configure-0.33.0/examples/hello_customtests/custom_tests/alloca_in_stdlib_h.c
Examining data/mk-configure-0.33.0/examples/hello_customtests/custom_tests/cxx_with_templates.cc
Examining data/mk-configure-0.33.0/examples/hello_customtests/hello_customtests.c
Examining data/mk-configure-0.33.0/examples/hello_customtests2/hello_customtests2.c
Examining data/mk-configure-0.33.0/examples/hello_cxx/five.c
Examining data/mk-configure-0.33.0/examples/hello_cxx/five.h
Examining data/mk-configure-0.33.0/examples/hello_cxx/hello_msg.cc
Examining data/mk-configure-0.33.0/examples/hello_cxx/hello_msg.h
Examining data/mk-configure-0.33.0/examples/hello_cxx/main.cc
Examining data/mk-configure-0.33.0/examples/hello_cxx/seven.c
Examining data/mk-configure-0.33.0/examples/hello_cxx/seven.h
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxapp/cxxapp.cc
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib/dummy.c
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib/hello_msg1.cpp
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib/hello_msg2.cpp
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib/include/hello_msg.h
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib/include/impl/hello_msg1.h
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib/include/impl/hello_msg2.h
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib2/hello_msg3.cxx
Examining data/mk-configure-0.33.0/examples/hello_cxxlib/cxxlib2/include/hello_msg2.h
Examining data/mk-configure-0.33.0/examples/hello_dictd/dict/dict.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/dictd/dictd.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/dictfmt/dictfmt.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/dictzip/dictzip.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/libcommon/iswalnum.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/libcommon/str.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/libdz/dz.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/libmaa/log.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/libmaa/prime.c
Examining data/mk-configure-0.33.0/examples/hello_dictd/libmaa/set.c
Examining data/mk-configure-0.33.0/examples/hello_errwarn/hello.c
Examining data/mk-configure-0.33.0/examples/hello_fgetln/hello.c
Examining data/mk-configure-0.33.0/examples/hello_glib2/hello_glib2.c
Examining data/mk-configure-0.33.0/examples/hello_iconv/hello_iconv.c
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libbar/bar.c
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libbar/bar.h
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libbaz/baz.c
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libbaz/include/baz.h
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libfoo/foo.c
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libfoo/foo.h
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libfooqux/fooqux.c
Examining data/mk-configure-0.33.0/examples/hello_libdeps/libs/libfooqux/fooqux.h
Examining data/mk-configure-0.33.0/examples/hello_libdeps/progs/foobaz/foobaz.c
Examining data/mk-configure-0.33.0/examples/hello_libdeps/progs/fooquxfoobar/fooquxfoobar.c
Examining data/mk-configure-0.33.0/examples/hello_lua/baz.c
Examining data/mk-configure-0.33.0/examples/hello_lua3/socket_baz.c
Examining data/mk-configure-0.33.0/examples/hello_plugins/app/app.c
Examining data/mk-configure-0.33.0/examples/hello_plugins/plugin1/plugin1.c
Examining data/mk-configure-0.33.0/examples/hello_plugins/plugin2/plugin2.c
Examining data/mk-configure-0.33.0/examples/hello_plugins2/app/app.c
Examining data/mk-configure-0.33.0/examples/hello_plugins2/plugin1/plugin1.c
Examining data/mk-configure-0.33.0/examples/hello_plugins2/plugin2/plugin2.c
Examining data/mk-configure-0.33.0/examples/hello_progs/client.c
Examining data/mk-configure-0.33.0/examples/hello_progs/client_puts.c
Examining data/mk-configure-0.33.0/examples/hello_progs/server.c
Examining data/mk-configure-0.33.0/examples/hello_progs/server_puts.c
Examining data/mk-configure-0.33.0/examples/hello_progs2/client.c
Examining data/mk-configure-0.33.0/examples/hello_progs2/common.c
Examining data/mk-configure-0.33.0/examples/hello_progs2/server.c
Examining data/mk-configure-0.33.0/examples/hello_requirements/custom_check1.c
Examining data/mk-configure-0.33.0/examples/hello_requirements/custom_check2.c
Examining data/mk-configure-0.33.0/examples/hello_requirements/hello_world.c
Examining data/mk-configure-0.33.0/examples/hello_scripts/main.c
Examining data/mk-configure-0.33.0/examples/hello_scripts/msg.c
Examining data/mk-configure-0.33.0/examples/hello_sizeof/sizeof_test.c
Examining data/mk-configure-0.33.0/examples/hello_strlcpy/getline.c
Examining data/mk-configure-0.33.0/examples/hello_strlcpy/hello.c
Examining data/mk-configure-0.33.0/examples/hello_strlcpy/strlcpy.c
Examining data/mk-configure-0.33.0/examples/hello_strlcpy2/hello.c
Examining data/mk-configure-0.33.0/examples/hello_strlcpy2/missing/getline.c
Examining data/mk-configure-0.33.0/examples/hello_strlcpy2/missing/strlcpy.c
Examining data/mk-configure-0.33.0/examples/hello_strlcpy3/hello.c
Examining data/mk-configure-0.33.0/examples/hello_subdirs/prog1/prog1.c
Examining data/mk-configure-0.33.0/examples/hello_subdirs/prog2/prog2.c
Examining data/mk-configure-0.33.0/examples/hello_superfs/fsck_superfs/fsck_superfs.c
Examining data/mk-configure-0.33.0/examples/hello_superfs/mkfs_superfs/mkfs_superfs.c
Examining data/mk-configure-0.33.0/examples/hello_world/hello_world.c
Examining data/mk-configure-0.33.0/examples/hello_xxzip/xxzip.c
Examining data/mk-configure-0.33.0/examples/pkgconfig3/pkgconfig3.c
Examining data/mk-configure-0.33.0/examples/subprojects/hello/hello_subprojects.c
Examining data/mk-configure-0.33.0/examples/subprojects/libhello1/hello1.c
Examining data/mk-configure-0.33.0/examples/subprojects/libhello1/hello1.h
Examining data/mk-configure-0.33.0/examples/subprojects/libhello2/hello2.c
Examining data/mk-configure-0.33.0/examples/subprojects/libhello2/include/hello2.h
Examining data/mk-configure-0.33.0/examples/tools/libs/bar/bar.c
Examining data/mk-configure-0.33.0/examples/tools/libs/bar/bar.h
Examining data/mk-configure-0.33.0/examples/tools/libs/foo/foo.c
Examining data/mk-configure-0.33.0/examples/tools/libs/foo/foo.h
Examining data/mk-configure-0.33.0/examples/tools/libs/qux/qux.c
Examining data/mk-configure-0.33.0/examples/tools/tools/prog1/prog1.c
Examining data/mk-configure-0.33.0/examples/tools/tools/prog2/prog2.c
Examining data/mk-configure-0.33.0/examples/tools/tools/prog3/prog3.c
Examining data/mk-configure-0.33.0/examples/tools/tools/prog4/prog4.c
Examining data/mk-configure-0.33.0/examples/tools2/libs/bar/bar.c
Examining data/mk-configure-0.33.0/examples/tools2/libs/bar/bar.h
Examining data/mk-configure-0.33.0/examples/tools2/libs/foo/foo.c
Examining data/mk-configure-0.33.0/examples/tools2/libs/foo/foo.h
Examining data/mk-configure-0.33.0/examples/tools2/libs/qux/qux.c
Examining data/mk-configure-0.33.0/examples/tools2/tools/prog1/prog1.c
Examining data/mk-configure-0.33.0/examples/tools2/tools/prog2/prog2.c
Examining data/mk-configure-0.33.0/examples/tools2/tools/prog3/prog3.c
Examining data/mk-configure-0.33.0/examples/tools2/tools/prog4/prog4.c
Examining data/mk-configure-0.33.0/features/_mkcfake.c
Examining data/mk-configure-0.33.0/features/err/err.c
Examining data/mk-configure-0.33.0/features/fgetln/fgetln.c
Examining data/mk-configure-0.33.0/features/getdelim/getdelim.c
Examining data/mk-configure-0.33.0/features/getline/getline.c
Examining data/mk-configure-0.33.0/features/mkc_RB.h
Examining data/mk-configure-0.33.0/features/mkc_SLIST.h
Examining data/mk-configure-0.33.0/features/mkc_err.h
Examining data/mk-configure-0.33.0/features/mkc_fgetln.h
Examining data/mk-configure-0.33.0/features/mkc_getdelim.h
Examining data/mk-configure-0.33.0/features/mkc_getline.h
Examining data/mk-configure-0.33.0/features/mkc_libdl.h
Examining data/mk-configure-0.33.0/features/mkc_libm.h
Examining data/mk-configure-0.33.0/features/mkc_progname.h
Examining data/mk-configure-0.33.0/features/mkc_strlcat.h
Examining data/mk-configure-0.33.0/features/mkc_strlcpy.h
Examining data/mk-configure-0.33.0/features/mkc_strndup.h
Examining data/mk-configure-0.33.0/features/mkc_warn.h
Examining data/mk-configure-0.33.0/features/netbsd_sys_queue.h
Examining data/mk-configure-0.33.0/features/netbsd_sys_tree.h
Examining data/mk-configure-0.33.0/features/progname/progname.c
Examining data/mk-configure-0.33.0/features/strlcat/strlcat.c
Examining data/mk-configure-0.33.0/features/strlcpy/strlcpy.c
Examining data/mk-configure-0.33.0/features/strndup/strndup.c
Examining data/mk-configure-0.33.0/features/warn/warn.c
Examining data/mk-configure-0.33.0/tests/configure_test/custom/custom_check1.c
Examining data/mk-configure-0.33.0/tests/configure_test/custom/custom_check3.c
Examining data/mk-configure-0.33.0/tests/configure_test/custom/my_check2.c
Examining data/mk-configure-0.33.0/tests/configure_test/include/mkc_test.h
Examining data/mk-configure-0.33.0/tests/create_cachedir/hello.c
Examining data/mk-configure-0.33.0/tests/dltest/dltest.c
Examining data/mk-configure-0.33.0/tests/lua_dirs/baz.c
Examining data/mk-configure-0.33.0/tests/mkinstall/baz.h
Examining data/mk-configure-0.33.0/tests/mkinstall/qux.c
Examining data/mk-configure-0.33.0/tests/reqd_clean_cache/test1.c
Examining data/mk-configure-0.33.0/tests/sys_queue/hello.c

FINAL RESULTS:

data/mk-configure-0.33.0/features/err/err.c:50:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/features/err/err.c:67:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/features/err/err.c:82:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/features/err/err.c:95:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/features/warn/warn.c:50:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/features/warn/warn.c:66:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/features/warn/warn.c:80:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/features/warn/warn.c:92:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);
data/mk-configure-0.33.0/examples/hello_RBTREE/hello_RBTREE.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [100];
data/mk-configure-0.33.0/examples/hello_SLIST/hello_SLIST.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [100];
data/mk-configure-0.33.0/examples/hello_compatlib/prog1/prog1.c:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char small_buf [15];
data/mk-configure-0.33.0/examples/hello_compatlib/prog1/prog1.c:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char said [19];
data/mk-configure-0.33.0/examples/hello_strlcpy/hello.c:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char small_buf [10];
data/mk-configure-0.33.0/examples/hello_strlcpy2/hello.c:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char small_buf [10];
data/mk-configure-0.33.0/examples/hello_strlcpy3/hello.c:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char small_buf [15];
data/mk-configure-0.33.0/examples/hello_strlcpy3/hello.c:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char said [19];
data/mk-configure-0.33.0/features/strndup/strndup.c:50:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copy, str, len);
data/mk-configure-0.33.0/examples/hello_RBTREE/hello_RBTREE.c:72:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/mk-configure-0.33.0/examples/hello_SLIST/hello_SLIST.c:55:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/mk-configure-0.33.0/examples/hello_compatlib/prog1/prog1.c:22:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/mk-configure-0.33.0/examples/hello_compilers/compiler_test.c:45:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf ("%d\n", (strlen (MSG) > 0) +
data/mk-configure-0.33.0/examples/hello_strlcpy/getline.c:36:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while (c = getc (stream), c != EOF){
data/mk-configure-0.33.0/examples/hello_strlcpy/hello.c:21:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/mk-configure-0.33.0/examples/hello_strlcpy2/hello.c:21:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/mk-configure-0.33.0/examples/hello_strlcpy2/missing/getline.c:36:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while (c = getc (stream), c != EOF){
data/mk-configure-0.33.0/examples/hello_strlcpy3/hello.c:22:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/mk-configure-0.33.0/features/getdelim/getdelim.c:52:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int c = fgetc(fp);
data/mk-configure-0.33.0/features/getline/getline.c:18:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while (c = getc (stream), c != EOF){
data/mk-configure-0.33.0/features/strlcat/strlcat.c:48:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (dlen + strlen(s));

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 4183 in approximately 0.19 seconds (21646 lines/second)
Physical Source Lines of Code (SLOC) = 3017
Hits@level = [0]  97 [1]  12 [2]   9 [3]   0 [4]   8 [5]   0
Hits@level+ = [0+] 126 [1+]  29 [2+]  17 [3+]   8 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 41.7633 [1+] 9.6122 [2+] 5.63474 [3+] 2.65164 [4+] 2.65164 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
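The report above groups into three patterns: vfprintf on a caller-supplied format inside err()/warn()-style wrappers (CWE-134), memcpy and strlen on data whose length or termination is not established (CWE-120/CWE-126), and getc/fgetc in a loop that stores into a buffer (CWE-120). The block below is an added example written for this page, not code from mk-configure and not its err.c, warn.c, strndup.c or getline.c; the mkc_example_* names, the PRINTF_LIKE macro and the sample inputs are assumptions made for the illustration. It shows, for each pattern, the form that keeps flawfinder's concern from becoming a real bug: a format attribute so the compiler rejects non-literal formats at the call site, a strndup that bounds its scan by n before the memcpy, and a getline that grows the buffer before every store.

```c
/* Added example: hardened forms of the three constructs flawfinder flags
 * in the report.  Not mk-configure's code; all names are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__GNUC__) || defined(__clang__)
# define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
# define PRINTF_LIKE(f, a)
#endif

/* CWE-134: the vfprintf inside a warn()-style wrapper is only exploitable if
 * a caller passes attacker-controlled text as fmt.  The format attribute lets
 * GCC/Clang warn on non-literal formats at the call site (-Wformat-security);
 * callers must write "%s", msg rather than msg.  Formats into dst instead of
 * stderr so the result can be inspected; returns what vsnprintf returns. */
PRINTF_LIKE(3, 4)
int mkc_example_format(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    return n;
}

/* CWE-120/CWE-126: strndup must not strlen() its input, which may be
 * unterminated; bound the scan by n, then the memcpy length is proven to
 * fit the len + 1 bytes just allocated. */
char *mkc_example_strndup(const char *str, size_t n)
{
    size_t len = 0;
    char *copy;
    while (len < n && str[len] != '\0')
        len++;
    copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, str, len);
    copy[len] = '\0';
    return copy;
}

/* CWE-120: getc() in a loop must re-check capacity before each store.
 * Returns the line length including a trailing '\n', or -1 on EOF/error. */
long mkc_example_getline(char **lineptr, size_t *n, FILE *stream)
{
    size_t used = 0;
    int c;
    if (*lineptr == NULL || *n == 0) {
        *n = 64;
        if ((*lineptr = malloc(*n)) == NULL)
            return -1;
    }
    while ((c = getc(stream)) != EOF) {
        if (used + 2 > *n) {            /* room for c plus the terminator */
            size_t newsz = *n * 2;
            char *p = realloc(*lineptr, newsz);
            if (p == NULL)
                return -1;
            *lineptr = p;
            *n = newsz;
        }
        (*lineptr)[used++] = (char)c;
        if (c == '\n')
            break;
    }
    if (used == 0)
        return -1;
    (*lineptr)[used] = '\0';
    return (long)used;
}

int main(void)
{
    char msg[64];
    char *line = NULL;
    size_t cap = 0;
    /* Constructed attacker string: passed through "%s" it stays literal. */
    mkc_example_format(msg, sizeof msg, "%s", "%x%x%n");
    printf("format: %s\n", msg);
    char *dup = mkc_example_strndup("hello", 3);
    printf("strndup: %s\n", dup);
    free(dup);
    FILE *fp = fmemopen("abc\ndef", 7, "r");      /* constructed input */
    while (mkc_example_getline(&line, &cap, fp) != -1)
        printf("getline: %s\n", line);
    free(line);
    fclose(fp);
    return 0;
}
```

Compile with -Wall -Wformat=2 (or -Wformat-security) and a call such as mkc_example_format(buf, sizeof buf, user_input) is reported at the caller, which is where the CWE-134 risk actually lives; the vfprintf hits in err.c and warn.c themselves are the wrapper, and are benign as long as every caller passes a literal format.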