Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tinyxml2-8.0.0+dfsg/contrib/html5-printer.cpp
Examining data/tinyxml2-8.0.0+dfsg/xmltest.cpp
Examining data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp
Examining data/tinyxml2-8.0.0+dfsg/tinyxml2.h
FINAL RESULTS:
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:63:25: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define TIXML_SNPRINTF _snprintf
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:65:23: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define TIXML_SSCANF sscanf
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:92:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define TIXML_SNPRINTF snprintf
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:93:26: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define TIXML_VSNPRINTF vsnprintf
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:96:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int len = vsnprintf( 0, 0, format, va );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:100:25: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define TIXML_SSCANF sscanf
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2547:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf( _fp, format, va );
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:336:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( "Error opening test file 'dream.xml'.\n"
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( _start, str, len+1 );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:311:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buflen] = { 0 };
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:323:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( q, buf, len );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1398:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char endTag[2] = { *p, 0 };
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1491:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1514:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1528:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1646:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1654:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1662:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1668:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1684:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1692:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2247:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen( filepath, mode );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2401:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( _charBuffer, p, len );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2570:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p, data, size );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2707:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2715:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2739:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2809:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2825:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2833:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2841:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2849:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2857:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/tinyxml2-8.0.0+dfsg/tinyxml2.h:312:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( newMem, _mem, sizeof(T)*_size ); // warning: not using constructors, only works for PODs
data/tinyxml2-8.0.0+dfsg/tinyxml2.h:448:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itemData[ITEM_SIZE];
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectedAsString[64];
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foundAsString[64];
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:334:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen( "resources/dream.xml", "r" );
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:694:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* saved = fopen( "resources/out/utf8testout.xml", "r" );
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:697:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* verify = fopen( "resources/utf8testverify.xml", "r" );
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:703:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verifyBuf[256];
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:706:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char savedBuf[256];
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:963:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* printerfp = fopen("resources/out/printer.xml", "w");
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:1001:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp1 = fopen("resources/out/printer_1.xml", "w");
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:1176:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* textfile = fopen( textFilePath, "w" );
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:1186:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
textfile = fopen( textFilePath, "r" );
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:1190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 1024 ];
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:2476:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* perfFP = fopen("resources/dream.xml", "r");
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:184:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen( str );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:201:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = strlen( endTag );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:1113:18: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ( mismatch ) {
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2317:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( fgetc( fp ) == EOF && ferror( fp ) != 0 ) {
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2346:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read != size ) {
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2397:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( p );
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2445:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buffer);
data/tinyxml2-8.0.0+dfsg/tinyxml2.cpp:2447:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/tinyxml2-8.0.0+dfsg/tinyxml2.h:2330:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inline void Write( const char* data ) { Write( data, strlen( data ) ); }
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:1596:53: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
XMLTest( "Infinite loop in shallow equal.", true, equal );
data/tinyxml2-8.0.0+dfsg/xmltest.cpp:2190:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLTest( "ErrorName() not empty after ClearError()", true, strlen(name) > 0 );
ANALYSIS SUMMARY:
Hits = 68
Lines analyzed = 7976 in approximately 0.19 seconds (41486 lines/second)
Physical Source Lines of Code (SLOC) = 5573
Hits@level = [0] 30 [1] 11 [2] 49 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 98 [1+] 68 [2+] 57 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 17.5848 [1+] 12.2017 [2+] 10.2279 [3+] 1.43549 [4+] 1.43549 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.