Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/prerex-6.8.0/prerex.c
Examining data/prerex-6.8.0/prerex.h
Examining data/prerex-6.8.0/inout.c
Examining data/prerex-6.8.0/edit.c
Examining data/prerex-6.8.0/utils.c

FINAL RESULTS:

data/prerex-6.8.0/edit.c:104:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (system (clp)) puts("System call failed.");
data/prerex-6.8.0/prerex.c:178:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (system (command))
data/prerex-6.8.0/prerex.c:210:8:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  ch = getopt_long (argc, argv, "hv", longopts, NULL);
data/prerex-6.8.0/prerex.c:228:12:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  ch = getopt_long (argc, argv, "hv", longopts, NULL);
data/prerex-6.8.0/edit.c:28:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char deftext[LINE_LEN]; /* buffer for default input */
data/prerex-6.8.0/edit.c:39:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  PRIVATE char prompt[LINE_LEN];
data/prerex-6.8.0/edit.c:105:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tex_file = fopen (chartfilename, "r+");
data/prerex-6.8.0/edit.c:786:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:853:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[16];
data/prerex-6.8.0/edit.c:860:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (deftext, "%i", pa->u.a.curvature);
data/prerex-6.8.0/edit.c:890:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[16];
data/prerex-6.8.0/edit.c:1035:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1164:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1262:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1305:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1336:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1342:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  backup_tex_file = fopen (backup_filename, "w");
data/prerex-6.8.0/edit.c:1356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1357:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  backup_tex_file = fopen (backup_filename, "r");
data/prerex-6.8.0/edit.c:1370:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tex_file = fopen (chartfilename, "w+");
data/prerex-6.8.0/edit.c:1386:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[8];
data/prerex-6.8.0/edit.c:1440:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char command[COMMAND_LEN + 1] = {'\0'};
data/prerex-6.8.0/edit.c:1518:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prompt[FILE_LEN + 8] = {'\0'};
data/prerex-6.8.0/inout.c:27:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  PRIVATE char line[LINE_LEN];
data/prerex-6.8.0/inout.c:108:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  c = atoi (lp);
data/prerex-6.8.0/inout.c:598:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[LINE_LEN + 24] = {'\0'};
data/prerex-6.8.0/inout.c:620:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if ((pretext = tmpfile ()) == NULL) error ("Can't create temporary file.");
data/prerex-6.8.0/inout.c:621:19:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if ((posttext = tmpfile ()) == NULL) error ("Can't create temporary file.");
data/prerex-6.8.0/inout.c:622:19:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if ((comments = tmpfile ()) == NULL) error ("Can't create temporary file.");
data/prerex-6.8.0/inout.c:884:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tex_file = fopen (chartfilename, "w+");
data/prerex-6.8.0/prerex.c:70:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  PRIVATE char basefilename[FILE_LEN];
data/prerex-6.8.0/prerex.c:72:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char chartfilename[FILE_LEN];
data/prerex-6.8.0/prerex.c:74:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char backup_filename[FILE_LEN + 1];
data/prerex-6.8.0/prerex.c:106:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tex_file = fopen (chartfilename, "w+");
data/prerex-6.8.0/prerex.c:128:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tex_file = fopen (chartfilename, "r+");
data/prerex-6.8.0/prerex.c:140:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tex_file = fopen (chartfilename, "r+");
data/prerex-6.8.0/prerex.c:152:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  backup_tex_file = fopen (backup_filename, "w+");
data/prerex-6.8.0/prerex.c:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char command[LINE_LEN] = {'\0'};
data/prerex-6.8.0/prerex.c:168:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename_root[FILE_LEN + 3] = {'\0'};
data/prerex-6.8.0/prerex.h:71:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char title[TITLE_LEN + 1];
data/prerex-6.8.0/prerex.h:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timetable[TIMETABLE_LEN + 1];
data/prerex-6.8.0/prerex.h:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char color[COLOR_LEN +1]; /* null string for default color */
data/prerex-6.8.0/prerex.h:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char txt[LINE_LEN+1];
data/prerex-6.8.0/prerex.h:89:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  typedef char CourseCode[CODE_LEN + 1];
data/prerex-6.8.0/prerex.h:189:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern char chartfilename[FILE_LEN];
data/prerex-6.8.0/prerex.h:191:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern char backup_filename[FILE_LEN + 1];
data/prerex-6.8.0/prerex.h:226:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern char deftext[LINE_LEN]; /* buffer for default input */
data/prerex-6.8.0/utils.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[LINE_LEN + 24] = {'\0'};
data/prerex-6.8.0/edit.c:798:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%1s", code);
data/prerex-6.8.0/edit.c:815:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:863:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%15s", code);
data/prerex-6.8.0/edit.c:906:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%15s", code);
data/prerex-6.8.0/edit.c:1058:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1125:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1187:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1266:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1306:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  if (sscanf (command_line, "%*s %7s", code) != 1)
data/prerex-6.8.0/edit.c:1313:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1339:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1366:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1392:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%7s", code);
data/prerex-6.8.0/edit.c:1441:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%63s", command);
data/prerex-6.8.0/edit.c:1562:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  command_line[strlen(command_line) - 1] = '\0';
data/prerex-6.8.0/inout.c:628:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = getc (tex_file);
data/prerex-6.8.0/inout.c:640:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  { ch = getc (tex_file);}
data/prerex-6.8.0/inout.c:662:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  { ch = getc (tex_file);}
data/prerex-6.8.0/inout.c:665:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = getc (tex_file);
data/prerex-6.8.0/inout.c:669:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = getc (tex_file);
data/prerex-6.8.0/inout.c:677:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = getc (tex_file);
data/prerex-6.8.0/prerex.c:171:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename_root[strlen(filename_root) - 4] = '\0'; /* truncate ".tex" */
data/prerex-6.8.0/prerex.c:253:4:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf (command_line, "%127s", basefilename);
data/prerex-6.8.0/utils.c:91:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *pct = ct + strlen (ct) - strlen (cs);
data/prerex-6.8.0/utils.c:91:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *pct = ct + strlen (ct) - strlen (cs);
data/prerex-6.8.0/utils.c:107:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c = getc (f);
data/prerex-6.8.0/utils.c:111:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c = getc (f);

ANALYSIS SUMMARY:

Hits = 76
Lines analyzed = 3125 in approximately 0.12 seconds (25546 lines/second)
Physical Source Lines of Code (SLOC) = 2750
Hits@level = [0] 107 [1]  27 [2]  45 [3]   2 [4]   2 [5]   0
Hits@level+ = [0+] 183 [1+]  76 [2+]  49 [3+]   4 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 66.5455 [1+] 27.6364 [2+] 17.8182 [3+] 1.45455 [4+] 0.727273 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
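Most of the level-1 and level-2 hits above are of three kinds that a reviewer can triage from the report alone: a "%Ns" width against the size of the buffer it fills, the strlen(s) - k indexing idiom, and an unchecked atoi(). For the pairs the report shows, "%1s", "%7s" into char code[8] and "%15s" into char code[16] leave exactly one byte for the terminator and are fine; "%63s" into command[COMMAND_LEN + 1] (edit.c:1441) and "%127s" into basefilename[FILE_LEN] (prerex.c:253) are safe only if COMMAND_LEN >= 63 and FILE_LEN >= 128, and the report does not show those macro values, so they must be confirmed in prerex.h. The strlen hits are flagged for non-terminated input, but the more practical caveat is that command_line[strlen(command_line) - 1] (edit.c:1562) and filename_root[strlen(filename_root) - 4] (prerex.c:171) index before the buffer if the string is shorter than the amount subtracted. The following C program is an added example, not prerex code: CODE_CAP, the buffer names and the sample strings are constructed for the illustration. It shows the width/buffer arithmetic, a format string whose width is derived from the same macro that sizes the buffer so the two cannot drift, a newline strip that cannot underflow, and a range-checked replacement for atoi().

```c
/*
 * Added example (not prerex code): the three checks a reviewer applies to
 * the sscanf "%Ns", strlen()-k and atoi() hits in a Flawfinder report.
 * CODE_CAP, the buffer names and the sample strings are constructed here.
 */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A "%Ns" conversion stores up to N characters plus a NUL, so it is safe
 * only when N + 1 <= sizeof(buffer).  Apply this to each width/buffer pair. */
int width_fits(size_t width, size_t bufsize)
{
    return width + 1 <= bufsize;
}

/* Tie the width to the buffer size at compile time: the format string is
 * assembled from the same macro that sizes the buffer. */
#define CODE_CAP 7
#define STR_(x) #x
#define STR(x) STR_(x)
typedef char CodeBuf[CODE_CAP + 1];

/* Copy the first whitespace-delimited token of line into code.
 * Returns 1 if a token was read; a longer token is truncated to CODE_CAP
 * characters and never written past the buffer. */
int scan_code(const char *line, CodeBuf code)
{
    code[0] = '\0';
    return sscanf(line, "%" STR(CODE_CAP) "s", code) == 1;
}

/* Remove a trailing newline.  The idiom s[strlen(s) - 1] = '\0' writes to
 * s[-1] when s is empty; strcspn() cannot underflow and is a no-op when
 * there is no newline to strip. */
void strip_newline(char *s)
{
    s[strcspn(s, "\r\n")] = '\0';
}

/* Range-checked replacement for atoi(): rejects non-numeric input,
 * overflow (ERANGE) and values outside [lo, hi].  Returns 1 on success
 * and stores the value in *out. */
int parse_int_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || errno == ERANGE)
        return 0;                       /* no digits, or overflowed long */
    while (isspace((unsigned char)*end))
        end++;
    if (*end != '\0')
        return 0;                       /* trailing junk such as "12abc" */
    if (v < lo || v > hi)
        return 0;                       /* numeric but out of range */
    *out = v;
    return 1;
}

int main(void)
{
    CodeBuf code;
    char line[] = "ABCDEFGHIJKLMNOP 3 2";     /* constructed: 16-char token */
    char empty[] = "";
    long n;

    /* width/buffer pairs in the shape they appear in a report */
    printf("%%7s  -> char[8]:  %s\n", width_fits(7, 8) ? "ok" : "OVERFLOW");
    printf("%%15s -> char[16]: %s\n", width_fits(15, 16) ? "ok" : "OVERFLOW");
    printf("%%127s -> char[64]: %s\n", width_fits(127, 64) ? "ok" : "OVERFLOW");

    scan_code(line, code);
    printf("token truncated to %zu chars: %s\n", strlen(code), code);

    strip_newline(empty);               /* safe on "", unlike strlen()-1 */
    printf("\"12abc\" accepted by range-checked parse: %d\n",
           parse_int_range("12abc", 0, 100, &n));
    return 0;
}
```

To close the two pairs the report cannot decide, evaluate width_fits(63, COMMAND_LEN + 1) and width_fits(127, FILE_LEN) with the real macro values from prerex.h; anything that returns 0 is a genuine overflow, not tool noise.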