Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nitpic-0.1/info.cc
Examining data/nitpic-0.1/patchlevel.h
Examining data/nitpic-0.1/reg.cc
Examining data/nitpic-0.1/util.cc
Examining data/nitpic-0.1/16c84.cc
Examining data/nitpic-0.1/ic.cc
Examining data/nitpic-0.1/instr.cc
Examining data/nitpic-0.1/main.cc
Examining data/nitpic-0.1/pu_defs.h
Examining data/nitpic-0.1/sim.cc
Examining data/nitpic-0.1/pu_lib.c

FINAL RESULTS:

data/nitpic-0.1/16c84.cc:127:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buf, "%04X %s",
data/nitpic-0.1/16c84.cc:538:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( reg, cp );
data/nitpic-0.1/16c84.cc:543:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( dscr, "%s %s,%c",
data/nitpic-0.1/16c84.cc:547:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( dscr, "%s %s,%d",
data/nitpic-0.1/16c84.cc:550:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( dscr, "%s %s", tmpl->name, reg );
data/nitpic-0.1/16c84.cc:553:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( dscr,
data/nitpic-0.1/16c84.cc:557:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( dscr, tmpl->name );
data/nitpic-0.1/util.cc:72:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( fmttext, text );
data/nitpic-0.1/util.cc:163:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( fmttext, text );
data/nitpic-0.1/16c84.cc:85:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[64];
data/nitpic-0.1/16c84.cc:512:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dscr[32];
data/nitpic-0.1/16c84.cc:521:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reg[16];
data/nitpic-0.1/16c84.cc:533:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( reg, "@FSR" );
data/nitpic-0.1/16c84.cc:540:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( reg, "F%02X", r );
data/nitpic-0.1/info.cc:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/nitpic-0.1/info.cc:222:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%lu:%02lu:%02lu.%03lu", hr, min, sec, ms );
data/nitpic-0.1/info.cc:229:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%lu", Pic.ticks );
data/nitpic-0.1/instr.cc:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/nitpic-0.1/pu_lib.c:78:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  filehandle = fopen(filename, "r");
data/nitpic-0.1/pu_lib.c:180:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  filehandle = fopen(filename, "w");
data/nitpic-0.1/pu_lib.c:230:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  filehandle = fopen(filename, "a");
data/nitpic-0.1/pu_lib.c:279:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  filehandle = fopen(filename, "a");
data/nitpic-0.1/reg.cc:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/nitpic-0.1/reg.cc:53:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%.6s:0x%02X '%c'",
data/nitpic-0.1/reg.cc:58:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, " F%02X:0x%02X '%c'",
data/nitpic-0.1/reg.cc:64:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%.6s:0x%02X", Pic.reg_file[a][b].name, v );
data/nitpic-0.1/reg.cc:66:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, " F%02X:0x%02X", i, v );
data/nitpic-0.1/reg.cc:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/nitpic-0.1/reg.cc:151:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%.6s:0x%02X '%c'",
data/nitpic-0.1/reg.cc:156:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, " F%02X:0x%02X '%c'",
data/nitpic-0.1/reg.cc:162:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%.6s:0x%02X", Pic.reg_file[a][b].name, v );
data/nitpic-0.1/reg.cc:164:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, " F%02X:0x%02X", i, v );
data/nitpic-0.1/reg.cc:200:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/nitpic-0.1/reg.cc:213:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "Page %d", Pic.vreg );
data/nitpic-0.1/sim.cc:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/nitpic-0.1/sim.cc:56:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "PIC type %d not supported\n", Pic.uinfo.pictype );
data/nitpic-0.1/sim.cc:150:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/nitpic-0.1/sim.cc:167:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "PICx%d unsupported", Pic.uinfo.pictype );
data/nitpic-0.1/ic.cc:73:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( p->pins[i].pin_name ) );
data/nitpic-0.1/ic.cc:79:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen( p->pins[p->npins - i - 1].pin_name );
data/nitpic-0.1/info.cc:110:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  info_text_gc, 2, bl, cp, strlen( cp ) );
data/nitpic-0.1/info.cc:111:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = XTextWidth( info_big_font, cp, strlen( cp ) );
data/nitpic-0.1/info.cc:119:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( regs->bit_names[j] ) ) / 2;
data/nitpic-0.1/info.cc:127:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( regs->bit_names[j] ) );
data/nitpic-0.1/info.cc:223:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen( buf );
data/nitpic-0.1/info.cc:230:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen( buf );
data/nitpic-0.1/instr.cc:44:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen( (char *)a.p );
data/nitpic-0.1/pu_lib.c:89:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(isspace(ch = fgetc(filehandle)))
data/nitpic-0.1/pu_lib.c:95:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(fgetc(filehandle)!='\n')
data/nitpic-0.1/reg.cc:80:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf, strlen( buf ) );
data/nitpic-0.1/reg.cc:178:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf, strlen( buf ) );
data/nitpic-0.1/util.cc:71:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fmttext = (char *)XtMalloc( strlen( text ) + 1 );

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 3073 in approximately 0.10 seconds (30287 lines/second)
Physical Source Lines of Code (SLOC) = 2460
Hits@level = [0]  40 [1]  14 [2]  29 [3]   0 [4]   9 [5]   0
Hits@level+ = [0+]  92 [1+]  52 [2+]  38 [3+]   9 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 37.3984 [1+] 21.1382 [2+] 15.4472 [3+] 3.65854 [4+] 3.65854 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.