Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sma-1.4/ascii.c
Examining data/sma-1.4/conf.h
Examining data/sma-1.4/getopt.c
Examining data/sma-1.4/hash.c
Examining data/sma-1.4/html.c
Examining data/sma-1.4/init.c
Examining data/sma-1.4/parse.c
Examining data/sma-1.4/regex/cclass.h
Examining data/sma-1.4/regex/cname.h
Examining data/sma-1.4/regex/engine.c
Examining data/sma-1.4/regex/regcomp.c
Examining data/sma-1.4/regex/regerror.c
Examining data/sma-1.4/regex/regex.h
Examining data/sma-1.4/regex/regex2.h
Examining data/sma-1.4/regex/regexec.c
Examining data/sma-1.4/regex/regfree.c
Examining data/sma-1.4/regex/utils.h
Examining data/sma-1.4/sma.c
Examining data/sma-1.4/sma.h
Examining data/sma-1.4/utils.c

FINAL RESULTS:

data/sma-1.4/regex/regcomp.c:1259:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(cs->multis + oldend - 1, cp);
data/sma-1.4/regex/regerror.c:134:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(convbuf, r->name);
data/sma-1.4/getopt.c:51:1: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  getopt(nargc, nargv, ostr)
data/sma-1.4/sma.c:44:6: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int, char **, char *);
data/sma-1.4/sma.c:55:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "C:D:H:L:b:f:l:r:t:o:O:AFacdhinpsqvw")) != -1)
data/sma-1.4/init.c:39:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[1024];
data/sma-1.4/init.c:80:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  epnum = atoi(str2);
data/sma-1.4/init.c:84:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lnum = atoi(str2);
data/sma-1.4/init.c:89:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lrnum = atoi(str2);
data/sma-1.4/init.c:92:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rpnum = atoi(str2);
data/sma-1.4/init.c:96:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rnum = atoi(str2);
data/sma-1.4/init.c:101:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rrnum = atoi(str2);
data/sma-1.4/init.c:140:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stnum = atoi(str2);
data/sma-1.4/init.c:142:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rsnum = atoi(str2);
data/sma-1.4/init.c:144:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rsrnum = atoi(str2);
data/sma-1.4/parse.c:82:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2048];
data/sma-1.4/parse.c:85:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *env_rec[128];
data/sma-1.4/parse.c:86:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *head[64];
data/sma-1.4/parse.c:87:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *info[64];
data/sma-1.4/parse.c:200:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  day = atoi(head[1]);
data/sma-1.4/parse.c:398:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hptr->lsize = atoi(info[k]+5);
data/sma-1.4/parse.c:410:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  idsize = atoi(info[k]+7);
data/sma-1.4/regex/engine.c:1072:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pbuf[10];
data/sma-1.4/regex/engine.c:1075:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(pbuf, "%c", ch);
data/sma-1.4/regex/engine.c:1077:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(pbuf, "\\%o", ch);
data/sma-1.4/regex/regcomp.c:121:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char nuls[10]; /* place to point scanner in event of error */
data/sma-1.4/regex/regcomp.c:931:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bracket[3];
data/sma-1.4/regex/regcomp.c:977:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bracket[4];
data/sma-1.4/regex/regcomp.c:1383:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy((char *)(p->strip + p->slen),
data/sma-1.4/regex/regerror.c:122:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convbuf[50];
data/sma-1.4/regex/regerror.c:136:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(convbuf, "REG_0x%x", target);
data/sma-1.4/regex/regerror.c:168:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(localbuf, "%d", r->code);
data/sma-1.4/regex/regexec.c:112:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define ASSIGN(d, s) memcpy(d, s, m->g->nstates)
data/sma-1.4/regex/utils.h:59:26: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memmove(d, s, c) bcopy(s, d, c)
data/sma-1.4/sma.c:100:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lnum = atoi(sma_optarg);
data/sma-1.4/sma.c:108:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rnum = atoi(sma_optarg);
data/sma-1.4/sma.c:158:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(fchar, "r")))
data/sma-1.4/sma.c:165:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(DEFAULT_CONF, "r")))
data/sma-1.4/sma.c:209:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  asize = atoi(hastring);
data/sma-1.4/sma.c:213:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rsize = atoi(hrstring);
data/sma-1.4/sma.c:261:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(ofp = fopen(ochar, "w"))) {
data/sma-1.4/sma.c:428:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(*argv, "r")))
data/sma-1.4/utils.c:582:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dates[128];
data/sma-1.4/ascii.c:52:4: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p[strlen(p)-1] = '\0';
data/sma-1.4/ascii.c:126:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->setab[j]->fname) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:132:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->setab[j]->fname) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:145:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->setab[j]->tname) >= 40) ? "$\n" : "\n");
data/sma-1.4/ascii.c:163:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->sitab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:169:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->sitab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:196:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->sotab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:202:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->sotab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:228:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->srtab[j]->fname) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:234:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->srtab[j]->fname) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:246:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->srtab[j]->tname) >= 40) ? "$\n" : "\n");
data/sma-1.4/ascii.c:264:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->rsitab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:270:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->rsitab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:298:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->rsotab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/ascii.c:304:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(hptr->rsotab[j]->name) >= 40) ? "$" : " ",
data/sma-1.4/hash.c:592:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(tmp = malloc(strlen(s)+strlen(p))))
data/sma-1.4/hash.c:592:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(tmp = malloc(strlen(s)+strlen(p))))
data/sma-1.4/hash.c:633:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(tmp = malloc(strlen(s)+strlen(p))))
data/sma-1.4/hash.c:633:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(tmp = malloc(strlen(s)+strlen(p))))
data/sma-1.4/init.c:48:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff[strlen(buff)-1] = '\0';
data/sma-1.4/init.c:55:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(&buff[i]))
data/sma-1.4/init.c:66:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i += strlen(&buff[i])+1;
data/sma-1.4/init.c:73:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(str2)) {
data/sma-1.4/init.c:243:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(tmpstr = malloc(strlen(str))))
data/sma-1.4/parse.c:117:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line)-1] = '\0';
data/sma-1.4/parse.c:188:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Lchar)))) {
data/sma-1.4/regex/engine.c:164:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stop = start + strlen(start);
data/sma-1.4/regex/regcomp.c:197:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen((char *)pattern);
data/sma-1.4/regex/regcomp.c:831:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (u = cp->multis; *u != '\0'; u += strlen(u) + 1)
data/sma-1.4/regex/regcomp.c:1245:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cs->smultis += strlen(cp) + 1;
data/sma-1.4/regex/regerror.c:133:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(r->name) < sizeof(convbuf));
data/sma-1.4/regex/regerror.c:142:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s) + 1;
data/sma-1.4/regex/regerror.c:144:10: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(errbuf, s, errbuf_size-1);
data/sma-1.4/utils.c:145:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dot) != 2)
data/sma-1.4/utils.c:153:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch (strlen(p)) {

ANALYSIS SUMMARY:

Hits = 78
Lines analyzed = 8675 in approximately 0.35 seconds (25042 lines/second)
Physical Source Lines of Code (SLOC) = 6291
Hits@level = [0] 503 [1] 35 [2] 38 [3] 3 [4] 2 [5] 0
Hits@level+ = [0+] 581 [1+] 78 [2+] 43 [3+] 5 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 92.3542 [1+] 12.3987 [2+] 6.83516 [3+] 0.794786 [4+] 0.317914 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.