Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/odt2txt-0.5/kunzip/fileio.c
Examining data/odt2txt-0.5/kunzip/fileio.h
Examining data/odt2txt-0.5/kunzip/kunzip.h
Examining data/odt2txt-0.5/kunzip/zipfile.c
Examining data/odt2txt-0.5/kunzip/zipfile.h
Examining data/odt2txt-0.5/mem.c
Examining data/odt2txt-0.5/mem.h
Examining data/odt2txt-0.5/odt2txt.c
Examining data/odt2txt-0.5/regex.c
Examining data/odt2txt-0.5/regex.h
Examining data/odt2txt-0.5/strbuf.c
Examining data/odt2txt-0.5/strbuf.h
Examining data/odt2txt-0.5/t/test-regex.c
Examining data/odt2txt-0.5/t/test-strbuf.c

FINAL RESULTS:

data/odt2txt-0.5/mem.c:266:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, argp);
data/odt2txt-0.5/mem.c:277:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, argp);
data/odt2txt-0.5/strbuf.c:22:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, argp);
data/odt2txt-0.5/kunzip/zipfile.c:32:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[BUFFER_SIZE];
data/odt2txt-0.5/kunzip/zipfile.c:207:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(zip_filename, "rb");
data/odt2txt-0.5/kunzip/zipfile.c:238:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(zip_filename, "rb");
data/odt2txt-0.5/mem.c:166:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &magic, sizeof(magic));
data/odt2txt-0.5/mem.c:167:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)p + size + sizeof(magic), &magic, sizeof(magic));
data/odt2txt-0.5/mem.c:253:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)p + size + sizeof(magic), &magic, sizeof(magic));
data/odt2txt-0.5/odt2txt.c:491:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt_encoding, argv[i] + 11, arglen);
data/odt2txt-0.5/odt2txt.c:494:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_width = atoi(argv[i] + 8);
data/odt2txt-0.5/odt2txt.c:508:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt_output, argv[i] + 9, arglen);
data/odt2txt-0.5/odt2txt.c:603:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
data/odt2txt-0.5/regex.c:142:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(match, buf + matches[i].rm_so + off, len);
data/odt2txt-0.5/regex.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(match, prefix, pr_len);
data/odt2txt-0.5/regex.c:175:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(match + pr_len, buf + matches[i].rm_so + off, len);
data/odt2txt-0.5/regex.c:176:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(match + pr_len + len, postfix, po_len);
data/odt2txt-0.5/regex.h:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char utf8_length[128] =
data/odt2txt-0.5/strbuf.c:91:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->data + buf->len, str, n);
data/odt2txt-0.5/strbuf.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->data + start, subst, subst_len);
data/odt2txt-0.5/strbuf.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->data + start, subst, subst_len);
data/odt2txt-0.5/strbuf.c:150:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->data + start, subst, subst_len);
data/odt2txt-0.5/t/test-strbuf.c:76:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c, test2, strlen(test2) + 1);
data/odt2txt-0.5/kunzip/fileio.c:18:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(in);
data/odt2txt-0.5/kunzip/fileio.c:19:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = c | (getc(in) << 8);
data/odt2txt-0.5/kunzip/fileio.c:20:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = c | (getc(in) << 16);
data/odt2txt-0.5/kunzip/fileio.c:21:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = c | (getc(in) << 24);
data/odt2txt-0.5/kunzip/fileio.c:30:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(in);
data/odt2txt-0.5/kunzip/fileio.c:31:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = c | (getc(in) << 8);
data/odt2txt-0.5/kunzip/fileio.c:41:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  s[t] = getc(in);
data/odt2txt-0.5/kunzip/fileio.c:53:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(in);
data/odt2txt-0.5/kunzip/fileio.c:54:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = (c << 8) + getc(in);
data/odt2txt-0.5/kunzip/fileio.c:55:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = (c << 8) + getc(in);
data/odt2txt-0.5/kunzip/fileio.c:56:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = (c << 8) + getc(in);
data/odt2txt-0.5/kunzip/fileio.c:65:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(in);
data/odt2txt-0.5/kunzip/fileio.c:66:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = (c << 8) + getc(in);
data/odt2txt-0.5/odt2txt.c:341:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inleft = strlen(in);
data/odt2txt-0.5/odt2txt.c:369:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(enc, tmp, 20);
data/odt2txt-0.5/odt2txt.c:374:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(enc, "ISO-8859-1", 20);
data/odt2txt-0.5/odt2txt.c:484:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t arglen = strlen(argv[i]) - 10;
data/odt2txt-0.5/odt2txt.c:506:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t arglen = strlen(argv[i]) - 8;
data/odt2txt-0.5/regex.c:169:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pr_len = strlen(prefix);
data/odt2txt-0.5/regex.c:171:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  po_len = strlen(prefix);
data/odt2txt-0.5/regex.c:198:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t lflen = strlen(lf);
data/odt2txt-0.5/strbuf.c:36:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(buf->opt & STRBUF_NULLOK) && strlen(buf->data) != buf->len)
data/odt2txt-0.5/strbuf.c:38:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned int)strlen(buf->data), buf->len);
data/odt2txt-0.5/strbuf.c:101:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strbuf_append_n(buf, str, strlen(str));
data/odt2txt-0.5/strbuf.c:133:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subst_len = strlen(subst);
data/odt2txt-0.5/strbuf.c:260:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strbuf_slurp_n(str, strlen(str));
data/odt2txt-0.5/t/test-strbuf.c:32:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(test1) == strbuf_append(buf, test1));
data/odt2txt-0.5/t/test-strbuf.c:70:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen(test3) == strbuf_subst(buf, 0, 0, test3));
data/odt2txt-0.5/t/test-strbuf.c:75:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c = ymalloc(strlen(test2) + 1);
data/odt2txt-0.5/t/test-strbuf.c:76:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(c, test2, strlen(test2) + 1);

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 2367 in approximately 0.08 seconds (30207 lines/second)
Physical Source Lines of Code (SLOC) = 1628
Hits@level = [0]  53 [1]  30 [2]  20 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+] 106 [1+]  53 [2+]  23 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 65.1106 [1+] 32.5553 [2+] 14.1278 [3+] 1.84275 [4+] 1.84275 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.