stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/unison-2.51+4.11.1-2.51.3/src/bytearray_stubs.c
Examining data/unison-2.51+4.11.1-2.51.3/src/fsmonitor/linux/inotify_stubs.c
Examining data/unison-2.51+4.11.1-2.51.3/src/fsmonitor/windows/shortnames_stubs.c
Examining data/unison-2.51+4.11.1-2.51.3/src/lwt/lwt_unix_stubs.c
Examining data/unison-2.51+4.11.1-2.51.3/src/osxsupport.c
Examining data/unison-2.51+4.11.1-2.51.3/src/pty.c
Examining data/unison-2.51+4.11.1-2.51.3/src/system/system_win_stubs.c
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/Bridge.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ColorGradientView.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ImageAndTextCell.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/MyController.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/NotificationController.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/PreferencesController.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ProfileController.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ProfileTableView.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ProgressCell.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ReconItem.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ReconTableView.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/UnisonToolbar.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/cltool.c
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ssselectabletoolbar/SSSelectableToolbar.h
Examining data/unison-2.51+4.11.1-2.51.3/src/uimac/ssselectabletoolbar/SSSelectableToolbarItem.h
Examining data/unison-2.51+4.11.1-2.51.3/src/winmain.c

FINAL RESULTS:

data/unison-2.51+4.11.1-2.51.3/src/osxsupport.c:118:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    r = chmod(String_val(path), st.st_mode | S_IWUSR);
data/unison-2.51+4.11.1-2.51.3/src/osxsupport.c:124:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(String_val(path), st.st_mode);
data/unison-2.51+4.11.1-2.51.3/src/uimac/cltool.c:52:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(buf,EXECPATH);
data/unison-2.51+4.11.1-2.51.3/src/uimac/cltool.c:62:3:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execv(argv[0],argv);
data/unison-2.51+4.11.1-2.51.3/src/bytearray_stubs.c:38:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, src, Long_val(l));
data/unison-2.51+4.11.1-2.51.3/src/bytearray_stubs.c:47:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, src, Long_val(l));
data/unison-2.51+4.11.1-2.51.3/src/fsmonitor/linux/inotify_stubs.c:132:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&ev, String_val(buf), sizeof(struct inotify_event));
data/unison-2.51+4.11.1-2.51.3/src/lwt/lwt_unix_stubs.c:53:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, src, Long_val(l));
data/unison-2.51+4.11.1-2.51.3/src/lwt/lwt_unix_stubs.c:62:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, src, Long_val(l));
data/unison-2.51+4.11.1-2.51.3/src/lwt/lwt_unix_stubs.c:73:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * action_name[5] = {
data/unison-2.51+4.11.1-2.51.3/src/lwt/lwt_unix_stubs.c:121:7:  [2] (buffer) CopyMemory:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      CopyMemory (queue, complQueue, complQueueSize * sizeof(completionInfo));
data/unison-2.51+4.11.1-2.51.3/src/lwt/lwt_unix_stubs.c:488:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "\\\\.\\Pipe\\UnisonAnonPipe.%08lx.%08lx",
data/unison-2.51+4.11.1-2.51.3/src/osxsupport.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      finderInfo [32];
data/unison-2.51+4.11.1-2.51.3/src/osxsupport.c:68:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (String_val (fInfo), attrBuf.finderInfo, 32);
data/unison-2.51+4.11.1-2.51.3/src/osxsupport.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      finderInfo [32];
data/unison-2.51+4.11.1-2.51.3/src/osxsupport.c:107:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (attrBuf.finderInfo, String_val (fInfo), 32);
data/unison-2.51+4.11.1-2.51.3/src/system/system_win_stubs.c:314:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t s[NT_MAX_PATH];
data/unison-2.51+4.11.1-2.51.3/src/system/system_win_stubs.c:452:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t fullname [MAX_PATH];
data/unison-2.51+4.11.1-2.51.3/src/uimac/cltool.c:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZE];
data/unison-2.51+4.11.1-2.51.3/src/fsmonitor/windows/shortnames_stubs.c:35:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 2 * wcslen(s) + 2;  /* NULL character included */
data/unison-2.51+4.11.1-2.51.3/src/system/system_win_stubs.c:31:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 2 * wcslen(s) + 2;  /* NULL character included */
data/unison-2.51+4.11.1-2.51.3/src/uimac/cltool.c:47:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/unison-2.51+4.11.1-2.51.3/src/uimac/cltool.c:48:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len + strlen(EXECPATH) + 1 > BUFSIZE) {

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 2362 in approximately 0.11 seconds (21895 lines/second)
Physical Source Lines of Code (SLOC) = 1755
Hits@level = [0]  32 [1]   4 [2]  15 [3]   0 [4]   2 [5]   2
Hits@level+ = [0+]  55 [1+]  23 [2+]  19 [3+]   4 [4+]   4 [5+]   2
Hits/KSLOC@level+ = [0+] 31.339 [1+] 13.1054 [2+] 10.8262 [3+] 2.2792 [4+] 2.2792 [5+] 1.1396
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.