Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vsdump-0.0.45/config.h
Examining data/vsdump-0.0.45/src/vsd_parse_cmds.c
Examining data/vsdump-0.0.45/src/vsd_inflate.c
Examining data/vsdump-0.0.45/src/vsd_pointers.c
Examining data/vsdump-0.0.45/src/vsd_dump_stream_c.c
Examining data/vsdump-0.0.45/src/vsd_parse_blocks.h
Examining data/vsdump-0.0.45/src/vsdump.h
Examining data/vsdump-0.0.45/src/vsd_utils.h
Examining data/vsdump-0.0.45/src/vsd_parse_chunks.c
Examining data/vsdump-0.0.45/src/vsd_dump_stream_23.c
Examining data/vsdump-0.0.45/src/vsd_parse_blocks.c
Examining data/vsdump-0.0.45/src/vsdump.c
Examining data/vsdump-0.0.45/src/vsd_parse_chunks.h
Examining data/vsdump-0.0.45/src/vsd_dump_stream_15.c
Examining data/vsdump-0.0.45/src/names.h
Examining data/vsdump-0.0.45/src/vsd_dump_stream_23.h
Examining data/vsdump-0.0.45/src/vsd_dump_stream_c.h
Examining data/vsdump-0.0.45/src/vsd_parse_cmds.h
Examining data/vsdump-0.0.45/src/vsd_dump_stream_15.h
Examining data/vsdump-0.0.45/src/vsd_pointers.h
Examining data/vsdump-0.0.45/src/vsd_fonts_colors_parse.c
Examining data/vsdump-0.0.45/src/vsd_utils.c
Examining data/vsdump-0.0.45/src/vsd_fonts_colors_parse.h
Examining data/vsdump-0.0.45/src/vsd_inflate.h
FINAL RESULTS:
data/vsdump-0.0.45/src/vsd_parse_blocks.c:159:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formula, name75[idx]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:264:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formula,"ThePage!%s", name75[idx]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:267:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formula,"Sheet.%d!%s", GSF_LE_GET_GUINT32(stream->data + *offset + 5), name75[idx]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:296:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formula, namefunc[idx]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:317:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formula, namefunc[idx]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:345:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formula, namefunc[idx]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:355:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formula, namefunc[idx]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:553:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*stack[tokens],"%s",tmp);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:585:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*stack[tokens], "%s()", tmp);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:592:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*stack[tokens], "%s()", tmp);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:597:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*stack[tokens], "%s(%s", tmp, *stack[tokens-argnum]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:605:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*stack[tokens],"%s",tmp);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:610:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s)", *stack[tokens]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:614:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*stack[tokens],"%s",tmp);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:133:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1, stream->data + *offset + 2, len+1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:142:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formula, "%d", stream->data[*offset + 1]);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:148:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formula, "%%");
data/vsdump-0.0.45/src/vsd_parse_blocks.c:152:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formula, "%d", GSF_LE_GET_GUINT16(stream->data + *offset + 1));
data/vsdump-0.0.45/src/vsd_parse_blocks.c:396:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formula, "IF");
data/vsdump-0.0.45/src/vsd_parse_blocks.c:404:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formula, "AND");
data/vsdump-0.0.45/src/vsd_parse_blocks.c:412:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formula, "OR");
data/vsdump-0.0.45/src/vsd_parse_blocks.c:439:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formula, "%g", GSF_LE_GET_DOUBLE(stream->data + *offset + 1));
data/vsdump-0.0.45/src/vsd_parse_blocks.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **stack[256];
data/vsdump-0.0.45/src/vsd_parse_chunks.c:209:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
image = fopen(fullname, "a"); /* open it to append */
data/vsdump-0.0.45/src/vsd_parse_chunks.c:332:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(units, "Unit=\"MM\"");
data/vsdump-0.0.45/src/vsd_parse_chunks.c:335:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(units, "Unit=\"DT\"");
data/vsdump-0.0.45/src/vsd_parse_chunks.c:338:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(units, "Unit=\"PT\"");
data/vsdump-0.0.45/src/vsd_parse_chunks.c:341:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(units, "Unit=\"IN_F\"");
data/vsdump-0.0.45/src/vsd_parse_chunks.c:344:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(units, "Unit=\"DA\"");
data/vsdump-0.0.45/src/vsd_parse_chunks.c:347:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(units, "Unit=\"DEG\"");
data/vsdump-0.0.45/src/vsd_parse_cmds.c:55:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(NULL==(ftbl = fopen("chunks_parse_cmds.tbl", "r"))){
data/vsdump-0.0.45/src/vsd_parse_cmds.c:65:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch_type = atoi(s+6);
data/vsdump-0.0.45/src/vsd_parse_cmds.c:74:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vaep->type = atoi(v[0]);
data/vsdump-0.0.45/src/vsd_parse_cmds.c:75:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vaep->offset = atoi(v[1]);
data/vsdump-0.0.45/src/vsd_pointers.c:63:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, decomp->data + i*16+offset, 2);
data/vsdump-0.0.45/src/vsd_pointers.c:65:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, decomp->data + i*16+offset + 2, 2);
data/vsdump-0.0.45/src/vsd_pointers.c:67:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, decomp->data + i*16+offset + 4, 4);
data/vsdump-0.0.45/src/vsd_pointers.c:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, decomp->data + i*16+offset + 8, 4);
data/vsdump-0.0.45/src/vsd_pointers.c:71:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, decomp->data + i*16+offset + 12, 4);
data/vsdump-0.0.45/src/vsd_pointers.c:95:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, decomp->data + i, 4);
data/vsdump-0.0.45/src/vsd_pointers.c:97:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, decomp->data + i + 4, 4);
data/vsdump-0.0.45/src/vsd_pointers.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, decomp->data + i + 8, 4);
data/vsdump-0.0.45/src/vsd_pointers.c:101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, decomp->data + i + 12, 4);
data/vsdump-0.0.45/src/vsd_pointers.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, decomp->data + i + 16, 2);
data/vsdump-0.0.45/src/vsd_utils.c:38:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(fullname, "w");
data/vsdump-0.0.45/src/vsd_parse_blocks.c:158:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formula = malloc(strlen(name75[idx]) + 1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:261:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formula = malloc(15+strlen(name75[idx]));
data/vsdump-0.0.45/src/vsd_parse_blocks.c:295:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formula = malloc(strlen(namefunc[idx]) + 1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:316:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formula = malloc(strlen(namefunc[idx]) + 1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:344:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formula = malloc(strlen(namefunc[idx]) + 1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:354:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formula = malloc(strlen(namefunc[idx]) + 1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:552:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*stack[tokens] = g_malloc(strlen(tmp)+1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:584:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*stack[tokens] = g_malloc(strlen(tmp)+5);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:596:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*stack[tokens] = g_malloc(strlen(tmp)+2+strlen(*stack[tokens-argnum]));
data/vsdump-0.0.45/src/vsd_parse_blocks.c:596:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*stack[tokens] = g_malloc(strlen(tmp)+2+strlen(*stack[tokens-argnum]));
data/vsdump-0.0.45/src/vsd_parse_blocks.c:604:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*stack[tokens] = g_malloc(strlen(tmp)+1);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:609:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = g_malloc(strlen(*stack[tokens])+2);
data/vsdump-0.0.45/src/vsd_parse_blocks.c:613:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*stack[tokens] = g_malloc(strlen(tmp)+1);
data/vsdump-0.0.45/src/vsd_parse_chunks.c:350:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(units, "");
data/vsdump-0.0.45/src/vsd_parse_cmds.c:71:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v[2]= g_strndup(v[2], strlen(v[2])-1);
data/vsdump-0.0.45/src/vsd_parse_cmds.c:73:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = g_strndup(v[2], strlen(v[2])-1);
ANALYSIS SUMMARY:
Hits = 61
Lines analyzed = 2436 in approximately 0.13 seconds (18072 lines/second)
Physical Source Lines of Code (SLOC) = 1878
Hits@level = [0] 39 [1] 16 [2] 31 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 100 [1+] 61 [2+] 45 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 53.2481 [1+] 32.4814 [2+] 23.9617 [3+] 7.45474 [4+] 7.45474 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.