Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sketch-0.3.7/bsp.c
Examining data/sketch-0.3.7/bsp.h
Examining data/sketch-0.3.7/cmdline.c
Examining data/sketch-0.3.7/cmdline.h
Examining data/sketch-0.3.7/dynarray.h
Examining data/sketch-0.3.7/emit.c
Examining data/sketch-0.3.7/emit.h
Examining data/sketch-0.3.7/error.c
Examining data/sketch-0.3.7/error.h
Examining data/sketch-0.3.7/expr.c
Examining data/sketch-0.3.7/expr.h
Examining data/sketch-0.3.7/geometry.c
Examining data/sketch-0.3.7/geometry.h
Examining data/sketch-0.3.7/geomio.c
Examining data/sketch-0.3.7/geomio.h
Examining data/sketch-0.3.7/global.c
Examining data/sketch-0.3.7/global.h
Examining data/sketch-0.3.7/langver.c
Examining data/sketch-0.3.7/langver.h
Examining data/sketch-0.3.7/lex.yy.c
Examining data/sketch-0.3.7/main.c
Examining data/sketch-0.3.7/main.h
Examining data/sketch-0.3.7/memutil.c
Examining data/sketch-0.3.7/memutil.h
Examining data/sketch-0.3.7/opts.c
Examining data/sketch-0.3.7/opts.h
Examining data/sketch-0.3.7/parse.h
Examining data/sketch-0.3.7/resource.h
Examining data/sketch-0.3.7/scene.c
Examining data/sketch-0.3.7/scene.h
Examining data/sketch-0.3.7/symbol.c
Examining data/sketch-0.3.7/symbol.h
Examining data/sketch-0.3.7/version.h
Examining data/sketch-0.3.7/y.tab.c
Examining data/sketch-0.3.7/y.tab.h

FINAL RESULTS:

data/sketch-0.3.7/emit.c:41:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buf, fmt, f);
data/sketch-0.3.7/emit.c:329:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(cmd, " circle (%s)", dotsize);
data/sketch-0.3.7/error.c:54:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, arg_list);
data/sketch-0.3.7/expr.c:44:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(f, F, val->val.flt);
data/sketch-0.3.7/expr.c:86:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(f, "%s" F, (j == 0) ? "" : ",", xf[i + j]);
data/sketch-0.3.7/geometry.c:1269:12: [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    while (scanf("%d %s", &i, buf) == 2) {
data/sketch-0.3.7/lex.yy.c:1426:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    if (sscanf(yytext, FLOAT_SCAN_FMT, &yylval.flt) != 1) {
data/sketch-0.3.7/memutil.c:50:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(new_str, str);
data/sketch-0.3.7/y.tab.c:967:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    # define YYFPRINTF fprintf
data/sketch-0.3.7/y.tab.c:1680:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    { strcpy((yyval.name), new_symbol(sym_tab, (yyvsp[-2].name), (yyvsp[-1].name), (yyvsp[0].obj), line) ? "" : (yyvsp[-2].name)); }
data/sketch-0.3.7/y.tab.c:1685:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    { strcpy((yyval.name), new_symbol(sym_tab, (yyvsp[-2].name), (yyvsp[-1].name), (yyvsp[0].obj), line) ? "" : (yyvsp[-2].name)); }
data/sketch-0.3.7/dynarray.h:225:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst->ELTS, src->ELTS, src->current_size * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:232:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst->ELTS, src->ELTS, src->N_ELTS * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:345:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst->ELTS, src->ELTS, src->current_size * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:352:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst->ELTS, src->ELTS, src->N_ELTS * sizeof(ELEMENT_TYPE)); \
data/sketch-0.3.7/dynarray.h:361:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst->ELTS[j], src->ELTS[i], sizeof dst->ELTS[0]); \
data/sketch-0.3.7/emit.c:125:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tic, buf1[16], buf2[16], buf3[16];
data/sketch-0.3.7/emit.c:236:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[16], buf2[16];
data/sketch-0.3.7/emit.c:308:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[16], buf2[16];
data/sketch-0.3.7/emit.c:552:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file_name, "r");
data/sketch-0.3.7/emit.c:565:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:607:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:652:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:688:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/emit.c:779:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf1[16], buf2[16], buf3[16], buf4[16];
data/sketch-0.3.7/geometry.c:1259:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[100];
data/sketch-0.3.7/langver.c:64:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&v->key[M - i], v->str, i); // save major in key
data/sketch-0.3.7/langver.c:88:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&v->key[M], &v->str[i_minor], i - i_minor); // save minor in key
data/sketch-0.3.7/langver.c:97:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&v->key[M], &v->str[i_minor], i - i_minor);
data/sketch-0.3.7/langver.h:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str[MAX_PST_VERSION_STRING_SIZE];
data/sketch-0.3.7/langver.h:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char key[MAX_PST_VERSION_STRING_SIZE * 2];
data/sketch-0.3.7/lex.yy.c:1491:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/sketch-0.3.7/lex.yy.c:1510:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(buf, "r");
data/sketch-0.3.7/main.c:55:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    out_file = fopen(wrap_env->out_file_name, "w");
data/sketch-0.3.7/main.c:110:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(file_name, "r");
data/sketch-0.3.7/opts.c:53:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst, &src[beg], len);
data/sketch-0.3.7/opts.c:470:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[100];
data/sketch-0.3.7/symbol.h:27:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    typedef char SYMBOL_NAME[32];
data/sketch-0.3.7/y.tab.c:2254:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/sketch-0.3.7/y.tab.c:2271:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char yyformat[sizeof yyunexpected
data/sketch-0.3.7/emit.c:44:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = strlen(buf); i > 0 && buf[i - 1] == '0'; i--)
data/sketch-0.3.7/emit.c:60:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(buf, "0");
data/sketch-0.3.7/emit.c:328:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmd = safe_malloc(strlen(dotsize) + 100);
data/sketch-0.3.7/langver.c:47:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(str) > sizeof v->str - 1) {
data/sketch-0.3.7/lex.yy.c:879:14: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/sketch-0.3.7/lex.yy.c:1503:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(buf);
data/sketch-0.3.7/memutil.c:49:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *new_str = safe_malloc(strlen(str) + 1);
data/sketch-0.3.7/opts.c:38:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(src);
data/sketch-0.3.7/symbol.c:365:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(sym->name, name, sizeof sym->name);
data/sketch-0.3.7/symbol.c:368:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(name) > sizeof sym->name - 1)
data/sketch-0.3.7/symbol.c:372:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(sym->tag, tag, sizeof sym->tag);
data/sketch-0.3.7/y.tab.c:1077:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    # define yystrlen strlen

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 14241 in approximately 0.39 seconds (36672 lines/second)
Physical Source Lines of Code (SLOC) = 10689
Hits@level = [0] 137 [1] 12 [2] 29 [3] 0 [4] 11 [5] 0
Hits@level+ = [0+] 189 [1+] 52 [2+] 40 [3+] 11 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 17.6817 [1+] 4.86481 [2+] 3.74216 [3+] 1.0291 [4+] 1.0291 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.