Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stlcmd-1.1/src/csgjs/CSG.cpp
Examining data/stlcmd-1.1/src/csgjs/CSG.h
Examining data/stlcmd-1.1/src/csgjs/Trees.cpp
Examining data/stlcmd-1.1/src/csgjs/Trees.h
Examining data/stlcmd-1.1/src/csgjs/constants.h
Examining data/stlcmd-1.1/src/csgjs/math/HashKeys.cpp
Examining data/stlcmd-1.1/src/csgjs/math/HashKeys.h
Examining data/stlcmd-1.1/src/csgjs/math/Line3.cpp
Examining data/stlcmd-1.1/src/csgjs/math/Line3.h
Examining data/stlcmd-1.1/src/csgjs/math/Matrix4x4.cpp
Examining data/stlcmd-1.1/src/csgjs/math/Matrix4x4.h
Examining data/stlcmd-1.1/src/csgjs/math/Plane.h
Examining data/stlcmd-1.1/src/csgjs/math/Polygon3.cpp
Examining data/stlcmd-1.1/src/csgjs/math/Polygon3.h
Examining data/stlcmd-1.1/src/csgjs/math/Vector3.cpp
Examining data/stlcmd-1.1/src/csgjs/math/Vector3.h
Examining data/stlcmd-1.1/src/csgjs/math/Vertex3.h
Examining data/stlcmd-1.1/src/csgjs/util.cpp
Examining data/stlcmd-1.1/src/csgjs/util.h
Examining data/stlcmd-1.1/src/stl_bbox.cpp
Examining data/stlcmd-1.1/src/stl_boolean.cpp
Examining data/stlcmd-1.1/src/stl_borders.cpp
Examining data/stlcmd-1.1/src/stl_cone.cpp
Examining data/stlcmd-1.1/src/stl_convex.cpp
Examining data/stlcmd-1.1/src/stl_count.cpp
Examining data/stlcmd-1.1/src/stl_cube.cpp
Examining data/stlcmd-1.1/src/stl_cylinder.cpp
Examining data/stlcmd-1.1/src/stl_empty.cpp
Examining data/stlcmd-1.1/src/stl_header.cpp
Examining data/stlcmd-1.1/src/stl_merge.cpp
Examining data/stlcmd-1.1/src/stl_normals.cpp
Examining data/stlcmd-1.1/src/stl_sphere.cpp
Examining data/stlcmd-1.1/src/stl_spreadsheet.cpp
Examining data/stlcmd-1.1/src/stl_threads.cpp
Examining data/stlcmd-1.1/src/stl_torus.cpp
Examining data/stlcmd-1.1/src/stl_transform.cpp
Examining data/stlcmd-1.1/src/stl_util.h

FINAL RESULTS:

data/stlcmd-1.1/src/stl_boolean.cpp:59:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "a:b:iud")) != -1) {

data/stlcmd-1.1/src/stl_borders.cpp:122:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "")) != -1) {

data/stlcmd-1.1/src/stl_cone.cpp:53:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "r:h:s:t:")) != -1) {

data/stlcmd-1.1/src/stl_convex.cpp:125:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "v")) != -1) {

data/stlcmd-1.1/src/stl_cube.cpp:50:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "w:")) != -1) {

data/stlcmd-1.1/src/stl_cylinder.cpp:52:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "r:h:s:")) != -1) {

data/stlcmd-1.1/src/stl_header.cpp:52:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "s:o:")) != -1) {

data/stlcmd-1.1/src/stl_merge.cpp:51:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "o:")) != -1) {

data/stlcmd-1.1/src/stl_normals.cpp:60:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "vcr")) != -1) {

data/stlcmd-1.1/src/stl_sphere.cpp:52:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "r:s:t:")) != -1) {

data/stlcmd-1.1/src/stl_threads.cpp:355:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "fP:D:a:h:s:o:")) != -1) {

data/stlcmd-1.1/src/stl_torus.cpp:57:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c = getopt(argc, argv, "i:o:s:c:")) != -1) {

data/stlcmd-1.1/src/csgjs/util.cpp:20:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(filename, "rb");

data/stlcmd-1.1/src/csgjs/util.cpp:57:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *outf = fopen(filename, "wb");

data/stlcmd-1.1/src/csgjs/util.cpp:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_bbox.cpp:54:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file, "rb");

data/stlcmd-1.1/src/stl_borders.cpp:141:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file, "rb");

data/stlcmd-1.1/src/stl_cone.cpp:65:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    segments = atoi(optarg);

data/stlcmd-1.1/src/stl_cone.cpp:84:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(file, "wb");

data/stlcmd-1.1/src/stl_cone.cpp:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_convex.cpp:147:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file, "rb");

data/stlcmd-1.1/src/stl_count.cpp:51:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(filename, "r+b");

data/stlcmd-1.1/src/stl_cube.cpp:72:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(file, "wb");

data/stlcmd-1.1/src/stl_cube.cpp:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_cylinder.cpp:62:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    segments = atoi(optarg);

data/stlcmd-1.1/src/stl_cylinder.cpp:81:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(file, "wb");

data/stlcmd-1.1/src/stl_cylinder.cpp:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_empty.cpp:52:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(file, "wb");

data/stlcmd-1.1/src/stl_empty.cpp:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_header.cpp:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[80];

data/stlcmd-1.1/src/stl_header.cpp:83:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(filename, "r+b");

data/stlcmd-1.1/src/stl_header.cpp:92:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(out_file, "wb");

data/stlcmd-1.1/src/stl_header.cpp:100:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFFER_SIZE];

data/stlcmd-1.1/src/stl_merge.cpp:74:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[100];

data/stlcmd-1.1/src/stl_merge.cpp:84:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file, "rb");

data/stlcmd-1.1/src/stl_merge.cpp:102:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(out_file, "wb");

data/stlcmd-1.1/src/stl_merge.cpp:104:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[100];

data/stlcmd-1.1/src/stl_merge.cpp:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0}; // include an extra char for terminating \0 of snprintf

data/stlcmd-1.1/src/stl_merge.cpp:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char base1[50];

data/stlcmd-1.1/src/stl_merge.cpp:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char base2[50];

data/stlcmd-1.1/src/stl_merge.cpp:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFFER_SIZE];

data/stlcmd-1.1/src/stl_merge.cpp:128:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[100];

data/stlcmd-1.1/src/stl_merge.cpp:132:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file, "rb");

data/stlcmd-1.1/src/stl_normals.cpp:91:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[100];

data/stlcmd-1.1/src/stl_normals.cpp:99:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    inf = fopen(in_file, "rb");

data/stlcmd-1.1/src/stl_normals.cpp:111:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(out_file, "wb");

data/stlcmd-1.1/src/stl_normals.cpp:125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[80] = {0};

data/stlcmd-1.1/src/stl_sphere.cpp:58:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    s_segments = atoi(optarg);

data/stlcmd-1.1/src/stl_sphere.cpp:61:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    s_segments = atoi(optarg);

data/stlcmd-1.1/src/stl_sphere.cpp:93:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(file, "wb");

data/stlcmd-1.1/src/stl_sphere.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_spreadsheet.cpp:57:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file, "rb");

data/stlcmd-1.1/src/stl_threads.cpp:373:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    segments = atoi(optarg);

data/stlcmd-1.1/src/stl_threads.cpp:398:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(file, "wb");

data/stlcmd-1.1/src/stl_threads.cpp:404:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_torus.cpp:66:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    segments = atoi(optarg);

data/stlcmd-1.1/src/stl_torus.cpp:69:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    minorSegments = atoi(optarg);

data/stlcmd-1.1/src/stl_torus.cpp:93:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(file, "wb");

data/stlcmd-1.1/src/stl_torus.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0};

data/stlcmd-1.1/src/stl_transform.cpp:231:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(file, "rb");

data/stlcmd-1.1/src/stl_transform.cpp:237:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    outf = fopen(outfile, "wb");

data/stlcmd-1.1/src/stl_transform.cpp:249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char header[81] = {0}; // include an extra char for terminating \0 of snprintf

data/stlcmd-1.1/src/stl_util.h:36:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(filename, "rb");

data/stlcmd-1.1/src/stl_count.cpp:72:35:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while(bights_read < 80 && getc(stdin) != EOF) {

data/stlcmd-1.1/src/stl_count.cpp:86:39:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while(bights_read < 4 && (c = getc(stdin)) != EOF) {

data/stlcmd-1.1/src/stl_count.cpp:99:44:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while(bights_read < num_tris*16 && getc(stdin) != EOF) {

data/stlcmd-1.1/src/stl_header.cpp:90:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(header, set_header, 80);

data/stlcmd-1.1/src/stl_header.cpp:109:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(header, set_header, 80);

ANALYSIS SUMMARY:

Hits = 68
Lines analyzed = 6688 in approximately 0.19 seconds (35847 lines/second)
Physical Source Lines of Code (SLOC) = 4998
Hits@level = [0] 192 [1] 5 [2] 51 [3] 12 [4] 0 [5] 0
Hits@level+ = [0+] 260 [1+] 68 [2+] 63 [3+] 12 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 52.0208 [1+] 13.6054 [2+] 12.605 [3+] 2.40096 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.