Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tclcl-1.20/compat/gettod.c
Examining data/tclcl-1.20/compat/win32.c
Examining data/tclcl-1.20/config.h
Examining data/tclcl-1.20/idlecallback.cc
Examining data/tclcl-1.20/idlecallback.h
Examining data/tclcl-1.20/iohandler.cc
Examining data/tclcl-1.20/iohandler.h
Examining data/tclcl-1.20/rate-variable.cc
Examining data/tclcl-1.20/rate-variable.h
Examining data/tclcl-1.20/Tcl.cc
Examining data/tclcl-1.20/Tcl2.cc
Examining data/tclcl-1.20/tcl2c++.c
Examining data/tclcl-1.20/tclAppInit.cc
Examining data/tclcl-1.20/tclcl-config.h
Examining data/tclcl-1.20/tclcl-internal.h
Examining data/tclcl-1.20/tclcl-mappings.h
Examining data/tclcl-1.20/tclcl.h
Examining data/tclcl-1.20/timer.cc
Examining data/tclcl-1.20/timer.h
Examining data/tclcl-1.20/tkAppInit.cc
Examining data/tclcl-1.20/tracedvar.cc
Examining data/tclcl-1.20/tracedvar.h
FINAL RESULTS:
data/tclcl-1.20/Tcl.cc:165:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s);
data/tclcl-1.20/Tcl.cc:170:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s);
data/tclcl-1.20/Tcl.cc:186:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wrk, "tkerror {%s: %s}", application_, s);
data/tclcl-1.20/Tcl.cc:225:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&bp_[1], "%s.%s", application_ + 1, name);
data/tclcl-1.20/Tcl.cc:232:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&bp_[1], "%s.%s", application_ + 1, name);
data/tclcl-1.20/Tcl.cc:239:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&bp_[1], application_ + 1);
data/tclcl-1.20/Tcl.cc:298:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name_, s);
data/tclcl-1.20/Tcl.cc:302:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name_, s);
data/tclcl-1.20/Tcl.cc:311:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s: ", t.application());
data/tclcl-1.20/Tcl.cc:315:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "\"%s\" (%s): ", class_name_, cmd);
data/tclcl-1.20/Tcl.cc:317:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s: ", cmd);
data/tclcl-1.20/Tcl.cc:320:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "no such method (%s)", argv[1]);
data/tclcl-1.20/Tcl.cc:346:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wrk, "$self instvar %s", var);
data/tclcl-1.20/Tcl.cc:443:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tclcl-1.20/Tcl.cc:658:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, name);
data/tclcl-1.20/Tcl.cc:774:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wrk, "$self init-instvar %s", var);
data/tclcl-1.20/Tcl.cc:871:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (-1 == snprintf(wrk, wrklen,
data/tclcl-1.20/Tcl.cc:1251:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s ", name());
data/tclcl-1.20/Tcl.cc:1254:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(&buffer[strlen(buffer)], format, ap);
data/tclcl-1.20/Tcl2.cc:49:1: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(char *buf, int size, const char *fmt, ...)
data/tclcl-1.20/Tcl2.cc:59:6: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
n = vsprintf(buf, fmt, ap);
data/tclcl-1.20/Tcl2.cc:65:6: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
n = vsprintf(buf, fmt, ap);
data/tclcl-1.20/Tcl2.cc:82:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(bp_, fmt, ap);
data/tclcl-1.20/Tcl2.cc:90:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(bp_, fmt, ap);
data/tclcl-1.20/Tcl2.cc:100:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, fmt, ap);
data/tclcl-1.20/rate-variable.cc:110:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(res, rv->format, rate);
data/tclcl-1.20/rate-variable.cc:140:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rv->format, fmt);
data/tclcl-1.20/tclcl-internal.h:36:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int snprintf(char *buf, int size, const char *fmt, ...);
data/tclcl-1.20/Tcl.cc:322:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "requires additional args");
data/tclcl-1.20/Tcl.cc:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrk[256];
data/tclcl-1.20/Tcl.cc:365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrk[WRK_MEDIUM_SIZE];
data/tclcl-1.20/Tcl.cc:727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrk[WRK_SMALL_SIZE];
data/tclcl-1.20/Tcl.cc:773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrk[256];
data/tclcl-1.20/Tcl.cc:891:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(s);
data/tclcl-1.20/Tcl.cc:957:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrk[32];
data/tclcl-1.20/Tcl.cc:994:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrk[32];
data/tclcl-1.20/Tcl.cc:1070:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrk[WRK_MEDIUM_SIZE];
data/tclcl-1.20/Tcl.cc:1248:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024]; /* XXX: individual command should not be
data/tclcl-1.20/Tcl2.cc:96:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024]; /* XXX: individual error lines should not be
data/tclcl-1.20/rate-variable.cc:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[16];
data/tclcl-1.20/rate-variable.cc:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[128];
data/tclcl-1.20/rate-variable.cc:86:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int curval = atoi(cv);
data/tclcl-1.20/tcl2c++.c:216:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(filename, "r");
data/tclcl-1.20/tclcl.h:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_[4096];
data/tclcl-1.20/tclcl.h:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_[TCLCL_NAME_LEN];
data/tclcl-1.20/Tcl.cc:161:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int n = strlen(s) + 1;
data/tclcl-1.20/Tcl.cc:180:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:180:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:183:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:183:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(application_) + strlen(s);
data/tclcl-1.20/Tcl.cc:200:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp_ = p + strlen(p) + 1;
data/tclcl-1.20/Tcl.cc:213:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > MAX_CODE_TO_DUMP) {
data/tclcl-1.20/Tcl.cc:296:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >= TCLCL_NAME_LEN)
data/tclcl-1.20/Tcl.cc:301:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_ = new char[strlen(s) + 1];
data/tclcl-1.20/Tcl.cc:312:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
data/tclcl-1.20/Tcl.cc:318:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
data/tclcl-1.20/Tcl.cc:657:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* s = new char[strlen(name) + 1];
data/tclcl-1.20/Tcl.cc:675:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, value_, buflen);
data/tclcl-1.20/Tcl.cc:1254:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsprintf(&buffer[strlen(buffer)], format, ap);
data/tclcl-1.20/Tcl2.cc:60:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(n) >= size)
data/tclcl-1.20/Tcl2.cc:62:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(n);
data/tclcl-1.20/tcl2c++.c:78:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/tclcl-1.20/tcl2c++.c:107:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) != 'd') goto next;
data/tclcl-1.20/tcl2c++.c:108:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) != 'e') goto next;
data/tclcl-1.20/tcl2c++.c:109:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) != 'f') goto next;
data/tclcl-1.20/tcl2c++.c:110:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) != 'i') goto next;
data/tclcl-1.20/tcl2c++.c:111:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) != 'n') goto next;
data/tclcl-1.20/tcl2c++.c:112:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) != 'e') goto next;
data/tclcl-1.20/tcl2c++.c:158:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/tclcl-1.20/tcl2c++.c:169:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(f)) == *cp)
ANALYSIS SUMMARY:
Hits = 70
Lines analyzed = 3900 in approximately 0.14 seconds (28083 lines/second)
Physical Source Lines of Code (SLOC) = 2438
Hits@level = [0] 27 [1] 25 [2] 17 [3] 0 [4] 28 [5] 0
Hits@level+ = [0+] 97 [1+] 70 [2+] 45 [3+] 28 [4+] 28 [5+] 0
Hits/KSLOC@level+ = [0+] 39.7867 [1+] 28.7121 [2+] 18.4578 [3+] 11.4848 [4+] 11.4848 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.