Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tdbcmysql-1.1.1/generic/tdbcmysql.c Examining data/tdbcmysql-1.1.1/generic/mysqlStubs.h Examining data/tdbcmysql-1.1.1/generic/int2ptr_ptr2int.h Examining data/tdbcmysql-1.1.1/generic/fakemysql.h Examining data/tdbcmysql-1.1.1/generic/mysqlStubInit.c Examining data/tdbcmysql-1.1.1/win/nmakehlp.c FINAL RESULTS: data/tdbcmysql-1.1.1/win/nmakehlp.c:33:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tdbcmysql-1.1.1/win/nmakehlp.c:33:20: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tdbcmysql-1.1.1/win/nmakehlp.c:250:5: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(cmdline, option); data/tdbcmysql-1.1.1/win/nmakehlp.c:388:2: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(cmdline, options[i]); data/tdbcmysql-1.1.1/win/nmakehlp.c:677:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(szBuffer); data/tdbcmysql-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcmysql-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcmysql-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcmysql-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcmysql-1.1.1/generic/fakemysql.h:185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_error[MYSQL_ERRMSG_SIZE]; data/tdbcmysql-1.1.1/generic/fakemysql.h:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[SQLSTATE_LENGTH+1]; data/tdbcmysql-1.1.1/generic/fakemysql.h:230:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scramble[SCRAMBLE_LENGTH+1]; data/tdbcmysql-1.1.1/generic/tdbcmysql.c:2333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[16]; data/tdbcmysql-1.1.1/generic/tdbcmysql.c:2344:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(numbuf, "#%d", count); data/tdbcmysql-1.1.1/generic/tdbcmysql.c:3129:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufPtr, paramValStr, len); data/tdbcmysql-1.1.1/win/nmakehlp.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[STATICBUFFERSIZE]; data/tdbcmysql-1.1.1/win/nmakehlp.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/tdbcmysql-1.1.1/win/nmakehlp.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/tdbcmysql-1.1.1/win/nmakehlp.c:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[100]; data/tdbcmysql-1.1.1/win/nmakehlp.c:244:5: [2] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch "); data/tdbcmysql-1.1.1/win/nmakehlp.c:256:5: [2] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string. lstrcat(cmdline, " .\\nul"); data/tdbcmysql-1.1.1/win/nmakehlp.c:336:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/tdbcmysql-1.1.1/win/nmakehlp.c:340:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[255]; data/tdbcmysql-1.1.1/win/nmakehlp.c:380:5: [2] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. lstrcpy(cmdline, "link.exe -nologo "); data/tdbcmysql-1.1.1/win/nmakehlp.c:387:2: [2] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string. lstrcat(cmdline, " \""); data/tdbcmysql-1.1.1/win/nmakehlp.c:507:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szBuffer[100]; data/tdbcmysql-1.1.1/win/nmakehlp.c:509:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "rt"); data/tdbcmysql-1.1.1/win/nmakehlp.c:540:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szBuffer, p, q - p); data/tdbcmysql-1.1.1/win/nmakehlp.c:615:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szBuffer[1024], szCopy[1024]; data/tdbcmysql-1.1.1/win/nmakehlp.c:620:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rt"); data/tdbcmysql-1.1.1/win/nmakehlp.c:627:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sp = fopen(substitutions, "rt"); data/tdbcmysql-1.1.1/win/nmakehlp.c:674:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szBuffer, szCopy, sizeof(szCopy)); data/tdbcmysql-1.1.1/win/nmakehlp.c:709:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCwd[MAX_PATH + 1]; data/tdbcmysql-1.1.1/win/nmakehlp.c:727:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAX_PATH+1]; data/tdbcmysql-1.1.1/win/nmakehlp.c:389:2: [1] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant character. lstrcat(cmdline, "\""); data/tdbcmysql-1.1.1/win/nmakehlp.c:525:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(match); data/tdbcmysql-1.1.1/win/nmakehlp.c:671:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen(p->key); data/tdbcmysql-1.1.1/win/nmakehlp.c:733:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen(dir); data/tdbcmysql-1.1.1/win/nmakehlp.c:736:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, dir, dirlen); data/tdbcmysql-1.1.1/win/nmakehlp.c:737:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(path+dirlen, "\\*", 3); /* Including terminating \0 */ data/tdbcmysql-1.1.1/win/nmakehlp.c:738:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keylen = strlen(keypath); data/tdbcmysql-1.1.1/win/nmakehlp.c:763:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sublen = strlen(finfo.cFileName); data/tdbcmysql-1.1.1/win/nmakehlp.c:766:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path+dirlen+1, finfo.cFileName, sublen); data/tdbcmysql-1.1.1/win/nmakehlp.c:768:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path+dirlen+1+sublen+1, keypath, keylen+1); ANALYSIS SUMMARY: Hits = 44 Lines analyzed = 5223 in approximately 0.13 seconds (39702 lines/second) Physical Source Lines of Code (SLOC) = 3408 Hits@level = [0] 13 [1] 10 [2] 25 [3] 4 [4] 5 [5] 0 Hits@level+ = [0+] 57 [1+] 44 [2+] 34 [3+] 9 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 16.7254 [1+] 12.9108 [2+] 9.97653 [3+] 2.64085 [4+] 1.46714 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.