Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stfl-0.22/style.c
Examining data/stfl-0.22/dump.c
Examining data/stfl-0.22/spl/mod_stfl.c
Examining data/stfl-0.22/base.c
Examining data/stfl-0.22/binding.c
Examining data/stfl-0.22/stfl.h
Examining data/stfl-0.22/widgets/wt_table.c
Examining data/stfl-0.22/widgets/wt_box.c
Examining data/stfl-0.22/widgets/wt_list.c
Examining data/stfl-0.22/widgets/wt_input.c
Examining data/stfl-0.22/widgets/wt_label.c
Examining data/stfl-0.22/widgets/wt_textview.c
Examining data/stfl-0.22/iconv.c
Examining data/stfl-0.22/public.c
Examining data/stfl-0.22/stfl_compat.h
Examining data/stfl-0.22/example.c
Examining data/stfl-0.22/parser.c
Examining data/stfl-0.22/stfl_internals.h

FINAL RESULTS:

data/stfl-0.22/base.c:124:2:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(newtext, 64, L"%d", value);
data/stfl-0.22/base.c:153:2:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(newtext, 64, L"%d", value);
data/stfl-0.22/base.c:194:2:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(key1, key1_len, L"@%ls", key);
data/stfl-0.22/base.c:195:2:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(key2, key2_len, L"@%ls#%ls", w->type->name, key);
data/stfl-0.22/base.c:198:3:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(key3, key3_len, L"@%ls#%ls", w->cls, key);
data/stfl-0.22/base.c:549:2:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(on_handler, on_handler_len, L"on_%ls", on_event);
data/stfl-0.22/base.c:707:7:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(lookup_stylename, sizeof(lookup_stylename)/sizeof(*lookup_stylename), L"style_%ls_focus", stylename);
data/stfl-0.22/base.c:709:7:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(lookup_stylename, sizeof(lookup_stylename)/sizeof(*lookup_stylename), L"style_%ls_normal", stylename);
data/stfl-0.22/binding.c:65:3:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(name, 4, L"F%d", ch - KEY_F0);
data/stfl-0.22/binding.c:93:2:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(kvname, kvname_len, L"bind_%ls", name);
data/stfl-0.22/dump.c:49:12:  [4] (format) vswprintf:
  Potential format string problem (CWE-134). Make format string constant.
  int rc = vswprintf(buf, buf_len, fmt, ap);
data/stfl-0.22/public.c:83:4:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(ret_buffer, 16, L"%d", w->x);
data/stfl-0.22/public.c:88:4:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(ret_buffer, 16, L"%d", w->y);
data/stfl-0.22/public.c:93:4:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(ret_buffer, 16, L"%d", w->w);
data/stfl-0.22/public.c:98:4:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(ret_buffer, 16, L"%d", w->h);
data/stfl-0.22/public.c:103:4:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(ret_buffer, 16, L"%d", w->min_w);
data/stfl-0.22/public.c:108:4:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(ret_buffer, 16, L"%d", w->min_h);
data/stfl-0.22/widgets/wt_input.c:146:3:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(newtext + pos, text + pos + 1);
data/stfl-0.22/widgets/wt_input.c:158:3:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(newtext + pos - 1, text + pos);
data/stfl-0.22/widgets/wt_input.c:170:3:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(newtext + pos + 1, text + pos);
data/stfl-0.22/base.c:123:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t newtext[64];
data/stfl-0.22/base.c:152:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t newtext[64];
data/stfl-0.22/base.c:186:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t key1[key1_len];
data/stfl-0.22/base.c:189:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t key2[key2_len];
data/stfl-0.22/base.c:192:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t key3[key3_len];
data/stfl-0.22/base.c:694:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t stylename[p2 - p1];
data/stfl-0.22/base.c:704:6:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t lookup_stylename[128];
data/stfl-0.22/binding.c:92:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t kvname[kvname_len];
data/stfl-0.22/dump.c:72:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t q[2] = {L'"', 0};
data/stfl-0.22/parser.c:311:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t wfn[filename_len+1];
data/stfl-0.22/parser.c:317:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[len];
data/stfl-0.22/parser.c:463:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "r");
data/stfl-0.22/public.c:72:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t w_name[pseudovar_sep-name+1];
data/stfl-0.22/public.c:77:10:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t ret_buffer[16];
data/stfl-0.22/stfl_compat.h:34:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, src, n);
data/stfl-0.22/style.c:61:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t field[field_len+1];
data/stfl-0.22/widgets/wt_input.c:144:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t newtext[text_len];
data/stfl-0.22/widgets/wt_input.c:156:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t newtext[text_len];
data/stfl-0.22/widgets/wt_input.c:167:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t newtext[text_len + 2];
data/stfl-0.22/base.c:185:17:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int key1_len = wcslen(key) + 2;
data/stfl-0.22/base.c:188:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int key2_len = key1_len + wcslen(w->type->name) + 1;
data/stfl-0.22/base.c:191:37:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int key3_len = w->cls ? key1_len + wcslen(w->cls) + 1 : 0;
data/stfl-0.22/base.c:547:23:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int on_handler_len = wcslen(on_event) + 4;
data/stfl-0.22/binding.c:52:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int keylen = strlen(key) + 1, i;
data/stfl-0.22/binding.c:77:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int event_len = strlen(event_c) + 1, i;
data/stfl-0.22/binding.c:89:18:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int event_len = wcslen(event);
data/stfl-0.22/binding.c:91:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int kvname_len = wcslen(name) + 6;
data/stfl-0.22/dump.c:64:12:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n->len = wcslen(n->value);
data/stfl-0.22/iconv.c:97:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t inbytesleft = strlen(buf);
data/stfl-0.22/iconv.c:165:23:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t inbytesleft = wcslen(buf)*sizeof(wchar_t);
data/stfl-0.22/parser.c:486:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t wtextsize = mbsrtowcs(NULL,&text1,strlen(text1)+1,NULL)+1;
data/stfl-0.22/parser.c:493:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr,"strlen(text) = %u wcslen(wtext) = %u rc = %u wtextsize = %u\n", strlen(text), wcslen(wtext), rc, wtextsize);
data/stfl-0.22/parser.c:493:96:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr,"strlen(text) = %u wcslen(wtext) = %u rc = %u wtextsize = %u\n", strlen(text), wcslen(wtext), rc, wtextsize);
data/stfl-0.22/stfl_compat.h:32:14:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t n = (wcslen(src) + 1) * sizeof(wchar_t);
data/stfl-0.22/widgets/wt_input.c:39:17:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int text_len = wcslen(text);
data/stfl-0.22/widgets/wt_input.c:89:23:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int off_len = wcslen(text_off);
data/stfl-0.22/widgets/wt_input.c:112:17:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int text_len = wcslen(text);
data/stfl-0.22/widgets/wt_label.c:31:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w->min_w = wcswidth(text, wcslen(text));
data/stfl-0.22/widgets/wt_label.c:54:56:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mvwaddnwstr(win, w->y, w->x, fillup, wcswidth(fillup,wcslen(fillup)));
data/stfl-0.22/widgets/wt_list.c:72:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = wcswidth(text,wcslen(text));
data/stfl-0.22/widgets/wt_list.c:134:66:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mvwaddnwstr(win, w->y+i-offset, w->x, fillup, wcswidth(fillup,wcslen(fillup)));
data/stfl-0.22/widgets/wt_list.c:142:12:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width = wcslen(text);
data/stfl-0.22/widgets/wt_textview.c:75:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = wcswidth(text, wcslen(text));

ANALYSIS SUMMARY:

Hits = 63
Lines analyzed = 4589 in approximately 0.13 seconds (35407 lines/second)
Physical Source Lines of Code (SLOC) = 3344
Hits@level = [0]  23 [1]  24 [2]  19 [3]   0 [4]  20 [5]   0
Hits@level+ = [0+]  86 [1+]  63 [2+]  39 [3+]  20 [4+]  20 [5+]   0
Hits/KSLOC@level+ = [0+] 25.7177 [1+] 18.8397 [2+] 11.6627 [3+] 5.98086 [4+] 5.98086 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
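Triage note on the [4] (format) hits. Every swprintf hit in the report already has a wide string literal as its format argument, which is exactly what the message asks for; flawfinder raises swprintf and vswprintf on the function name alone, so for those lines CWE-134 is not the open question. The one hit that does need tracing is dump.c:49, where `fmt` is a parameter and its constancy depends on callers the report does not show. What a reviewer should check on the literal-format lines instead is the size argument and the return value, because swprintf does not behave like snprintf: the count is in wide characters and includes the terminator, and when the output would need that many characters or more the C standard specifies a negative return value rather than the length that would have been written. The program below is an added example, not STFL code; `fkey_name` and `make_scoped_key` are illustrative names that mirror the `L"F%d"` pattern at binding.c:65 and the `L"@%ls#%ls"` pattern at base.c:195, and it assumes a C99 hosted environment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Format a function-key name ("F%d") into a caller-supplied buffer of `cap`
 * wide characters, the pattern behind the binding.c:65 hit.  Because swprintf
 * returns a negative value (not the would-be length) when the result needs
 * cap or more wide characters, "rc < 0" is the only portable truncation
 * check.  Returns 0 on success, -1 on truncation or encoding error; on
 * failure the buffer is left as an empty string so a caller that ignores the
 * return value never sees implementation-defined leftovers. */
int fkey_name(wchar_t *dst, size_t cap, int fn)
{
    if (dst == NULL || cap == 0)
        return -1;
    int rc = swprintf(dst, cap, L"F%d", fn);
    if (rc < 0) {
        dst[0] = L'\0';
        return -1;
    }
    return 0;
}

/* Build "@<type>#<key>", the pattern behind the base.c:195 hit, into a buffer
 * sized from the operands.  The size counts '@', '#' and the terminating null
 * explicitly, and the swprintf return value is compared against the expected
 * length so any mismatch between the arithmetic and the format is caught at
 * runtime instead of silently truncating.  Returns a heap string the caller
 * frees, or NULL on allocation failure or length mismatch. */
wchar_t *make_scoped_key(const wchar_t *type, const wchar_t *key)
{
    size_t need = 1 + wcslen(type) + 1 + wcslen(key) + 1; /* '@' type '#' key NUL */
    wchar_t *buf = malloc(need * sizeof *buf);
    if (buf == NULL)
        return NULL;
    int rc = swprintf(buf, need, L"@%ls#%ls", type, key);
    if (rc < 0 || (size_t)rc != need - 1) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    wchar_t name[4]; /* same capacity as the binding.c hit: "F" + 2 digits + NUL */
    printf("F5   -> rc=%d \"%ls\"\n", fkey_name(name, sizeof name / sizeof *name, 5), name);
    printf("F100 -> rc=%d \"%ls\"\n", fkey_name(name, sizeof name / sizeof *name, 100), name);

    wchar_t *k = make_scoped_key(L"label", L"text"); /* constructed sample operands */
    printf("scoped key: %ls\n", k ? k : L"(null)");
    free(k);
    return 0;
}
```

The F100 case is the one to remember: F0 through F99 fit in four wide characters, F100 does not, and an unchecked swprintf there gives no length back to reason from. Sizing from wcslen as `make_scoped_key` does is the same approach the base.c lines take with `key1_len`/`key2_len`; the added return-value comparison is what turns an arithmetic slip into a visible failure.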
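Triage note on the [4] (buffer) wcscpy hits and the [2] wchar_t hits. The three wcscpy lines in wt_input.c each copy a suffix of `text` into a `newtext` array whose size is computed from that same string (the declarations at wt_input.c:144, 156 and 167 are variable-length arrays, not the statically-sized arrays the [2] message describes; the same is true of most of the other [2] wchar_t hits, such as `key1[key1_len]` and `wfn[filename_len+1]`). For a VLA the overflow question reduces to whether the length arithmetic holds for every `pos`, and that arithmetic lies in lines the report does not print, so nothing here is a confirmed defect. Two general points still apply: an unbounded copy gives the compiler and the reader no count to check, and a VLA sized from untrusted input consumes stack in proportion to that input, which is a separate concern from overflow. The program below is an added example, not STFL code; it rewrites the same delete and insert operations with explicit counts so the relation between source length, position and destination capacity is checked rather than assumed. `wdelete_at` and `winsert_at` are illustrative names.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Delete the character at `pos` from `text`, writing the result into `out`
 * (capacity `cap` wide characters including the terminator).  Both copies are
 * wmemcpy() calls with counts derived from a length computed once, so the
 * caller's capacity is verified before anything is written.  Returns the new
 * length, or -1 if pos is past the last character or cap is too small.  A
 * backspace is the same operation with pos - 1. */
long wdelete_at(const wchar_t *text, size_t pos, wchar_t *out, size_t cap)
{
    size_t len = wcslen(text);
    if (pos >= len)          /* nothing to delete at or beyond the terminator */
        return -1;
    if (cap < len)           /* result is len - 1 characters plus the terminator */
        return -1;
    wmemcpy(out, text, pos);
    wmemcpy(out + pos, text + pos + 1, len - pos - 1);
    out[len - 1] = L'\0';
    return (long)(len - 1);
}

/* Insert `ch` before position `pos` (pos == len appends).  The result needs
 * len + 2 slots: the original characters, the new one and the terminator,
 * which is the same accounting as a "newtext[text_len + 2]" declaration but
 * enforced against the capacity the caller actually passed. */
long winsert_at(const wchar_t *text, size_t pos, wchar_t ch, wchar_t *out, size_t cap)
{
    size_t len = wcslen(text);
    if (pos > len)
        return -1;
    if (cap < len + 2)
        return -1;
    wmemcpy(out, text, pos);
    out[pos] = ch;
    wmemcpy(out + pos + 1, text + pos, len - pos);
    out[len + 1] = L'\0';
    return (long)(len + 1);
}

int main(void)
{
    wchar_t buf[16];
    const wchar_t *sample = L"hello"; /* constructed sample input */

    printf("delete pos 1: rc=%ld \"%ls\"\n", wdelete_at(sample, 1, buf, 16), buf);
    printf("delete pos 5: rc=%ld (out of range)\n", wdelete_at(sample, 5, buf, 16));
    printf("delete, cap 4: rc=%ld (too small)\n", wdelete_at(sample, 1, buf, 4));
    printf("insert at end: rc=%ld \"%ls\"\n", winsert_at(sample, 5, L'!', buf, 16), buf);
    printf("insert, cap 6: rc=%ld (too small)\n", winsert_at(sample, 2, L'x', buf, 6));
    return 0;
}
```

The capacity checks are the point: with wcscpy the only evidence that `newtext + pos + 1` has room for `text + pos` is the declaration several lines above, whereas here the same relationship is a runtime condition that fails closed.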