Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sombok-2.4.0/include/sombok_constants.h
Examining data/sombok-2.4.0/lib/5.1.0.c
Examining data/sombok-2.4.0/lib/5.2.0.c
Examining data/sombok-2.4.0/lib/6.0.0.c
Examining data/sombok-2.4.0/lib/6.1.0.c
Examining data/sombok-2.4.0/lib/6.2.0.c
Examining data/sombok-2.4.0/lib/6.3.0.c
Examining data/sombok-2.4.0/lib/7.0.0.c
Examining data/sombok-2.4.0/lib/8.0.0.c
Examining data/sombok-2.4.0/lib/break.c
Examining data/sombok-2.4.0/lib/charprop.c
Examining data/sombok-2.4.0/lib/gcstring.c
Examining data/sombok-2.4.0/lib/linebreak.c
Examining data/sombok-2.4.0/lib/southeastasian.c
Examining data/sombok-2.4.0/lib/utf8.c
Examining data/sombok-2.4.0/lib/utils.c
Examining data/sombok-2.4.0/src/mymalloc.c
Examining data/sombok-2.4.0/src/mymalloc.h
Examining data/sombok-2.4.0/src/strcasecmp.c
Examining data/sombok-2.4.0/src/strerror.c
Examining data/sombok-2.4.0/src/sombok.c
FINAL RESULTS:
data/sombok-2.4.0/src/sombok.c:133:2: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(SHELL_PROGRAM, SHELL_NAME, "-c", cmd, SHELL_NAME, arg, NULL);
data/sombok-2.4.0/src/sombok.c:419:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PACKAGE_NAME " " PACKAGE_VERSION "\n");
data/sombok-2.4.0/src/strerror.c:29:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, sizeof(buf), "Unknown error %d", errnum);
data/sombok-2.4.0/lib/break.c:401:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(unistr.str + unistr.len, input->str,
data/sombok-2.4.0/lib/break.c:1281:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + retlen, appe,
data/sombok-2.4.0/lib/break.c:1310:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + retlen, appe,
data/sombok-2.4.0/lib/charprop.c:249:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, (new), sizeof(mapent_t)); \
data/sombok-2.4.0/lib/charprop.c:295:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obj->map, &newmap, sizeof(mapent_t));
data/sombok-2.4.0/lib/gcstring.c:297:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(unistr.str, str->str, sizeof(unichar_t) * str->len);
data/sombok-2.4.0/lib/gcstring.c:364:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, gcstr, sizeof(gcstring_t));
data/sombok-2.4.0/lib/gcstring.c:371:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, gcstr->str, sizeof(unichar_t) * gcstr->len);
data/sombok-2.4.0/lib/gcstring.c:380:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newgcstr, gcstr->gcstr, sizeof(gcchar_t) * gcstr->gclen);
data/sombok-2.4.0/lib/gcstring.c:426:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ustr.str, gcstr->str + aidx, sizeof(unichar_t) * alen);
data/sombok-2.4.0/lib/gcstring.c:427:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ustr.str + alen, appe->str, sizeof(unichar_t) * blen);
data/sombok-2.4.0/lib/gcstring.c:447:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gcstr->str + gcstr->len, appe->str,
data/sombok-2.4.0/lib/gcstring.c:482:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gcstr->str, appe->str, sizeof(unichar_t) * appe->len);
data/sombok-2.4.0/lib/gcstring.c:484:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gcstr->gcstr, appe->gcstr, sizeof(gcchar_t) * appe->gclen);
data/sombok-2.4.0/lib/gcstring.c:683:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->str, gcstr->str + gcstr->gcstr[offset].idx,
data/sombok-2.4.0/lib/gcstring.c:687:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->gcstr + i, gcstr->gcstr + offset + i,
data/sombok-2.4.0/lib/linebreak.c:79:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newobj, obj, sizeof(linebreak_t));
data/sombok-2.4.0/lib/linebreak.c:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap, obj->map, sizeof(mapent_t) * obj->mapsiz);
data/sombok-2.4.0/lib/linebreak.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, obj->newline.str,
data/sombok-2.4.0/lib/linebreak.c:111:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, obj->bufstr.str,
data/sombok-2.4.0/lib/linebreak.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, obj->bufspc.str,
data/sombok-2.4.0/lib/linebreak.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, obj->unread.str,
data/sombok-2.4.0/lib/linebreak.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newobj->prep_func, obj->prep_func,
data/sombok-2.4.0/lib/linebreak.c:175:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newobj->prep_data, obj->prep_data,
data/sombok-2.4.0/lib/linebreak.c:271:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, newline->str, sizeof(unichar_t) * newline->len);
data/sombok-2.4.0/lib/southeastasian.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, gcstr->str, sizeof(wchar_t) * len);
data/sombok-2.4.0/src/mymalloc.c:41:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *)alloclist[i]);
data/sombok-2.4.0/src/mymalloc.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((char *) alloclist[i])[INFOLEN])
data/sombok-2.4.0/src/mymalloc.c:64:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fprintf(stderr, ">%s\n", (char *) (alloclist[i] + INFOLEN));
data/sombok-2.4.0/src/mymalloc.c:104:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) mem)[INFOLEN] = '\0';
data/sombok-2.4.0/src/mymalloc.c:132:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) mem)[INFOLEN] = '\0';
data/sombok-2.4.0/src/mymalloc.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) mem)[INFOLEN] = '\0';
data/sombok-2.4.0/src/sombok.c:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFLEN];
data/sombok-2.4.0/src/sombok.c:242:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lbobj->charmax = atol(argv[++i]);
data/sombok-2.4.0/src/sombok.c:452:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((ofp = fopen(outfile, "wb")) == NULL) {
data/sombok-2.4.0/src/sombok.c:508:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((ifp = fopen(argv[i], "rb")) == NULL) {
data/sombok-2.4.0/src/strerror.c:25:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[26];
data/sombok-2.4.0/src/sombok.c:188:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = read(ofd, buf, BUFSIZ)) == -1) {
data/sombok-2.4.0/src/sombok.c:245:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (parse_string(argv[i], strlen(argv[i])) == NULL) {
ANALYSIS SUMMARY:
Hits = 42
Lines analyzed = 39620 in approximately 1.74 seconds (22827 lines/second)
Physical Source Lines of Code (SLOC) = 38009
Hits@level = [0] 23 [1] 2 [2] 37 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 65 [1+] 42 [2+] 40 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 1.71012 [1+] 1.105 [2+] 1.05238 [3+] 0.0789287 [4+] 0.0789287 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.