Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wbxml2-0.10.7/doxygen/doxygen.h
Examining data/wbxml2-0.10.7/win32/expat/expat.h
Examining data/wbxml2-0.10.7/win32/leaktrack/lt_log.h
Examining data/wbxml2-0.10.7/win32/leaktrack/leaktrack.h
Examining data/wbxml2-0.10.7/tools/attgetopt.c
Examining data/wbxml2-0.10.7/tools/xml2wbxml_tool.c
Examining data/wbxml2-0.10.7/tools/wbxml2xml_tool.c
Examining data/wbxml2-0.10.7/tools/getopt.h
Examining data/wbxml2-0.10.7/src/wbxml_charset.c
Examining data/wbxml2-0.10.7/src/wbxml_log.c
Examining data/wbxml2-0.10.7/src/wbxml_buffers.h
Examining data/wbxml2-0.10.7/src/wbxml_charset.h
Examining data/wbxml2-0.10.7/src/wbxml_tree.h
Examining data/wbxml2-0.10.7/src/wbxml_mem.h
Examining data/wbxml2-0.10.7/src/wbxml_tree_clb_xml.c
Examining data/wbxml2-0.10.7/src/wbxml_tree_clb_wbxml.h
Examining data/wbxml2-0.10.7/src/wbxml_base64.h
Examining data/wbxml2-0.10.7/src/wbxml_wrap_syncml.c
Examining data/wbxml2-0.10.7/src/wbxml_tree.c
Examining data/wbxml2-0.10.7/src/wbxml_tree_clb_wbxml.c
Examining data/wbxml2-0.10.7/src/wbxml_lists.h
Examining data/wbxml2-0.10.7/src/wbxml_wrap_syncml.h
Examining data/wbxml2-0.10.7/src/wbxml_tables.h
Examining data/wbxml2-0.10.7/src/wbxml_parser.c
Examining data/wbxml2-0.10.7/src/wbxml_lists.c
Examining data/wbxml2-0.10.7/src/wbxml_mem.c
Examining data/wbxml2-0.10.7/src/wbxml_base64.c
Examining data/wbxml2-0.10.7/src/wbxml_parser.h
Examining data/wbxml2-0.10.7/src/wbxml_buffers.c
Examining data/wbxml2-0.10.7/src/wbxml_errors.h
Examining data/wbxml2-0.10.7/src/wbxml_tree_clb_xml.h
Examining data/wbxml2-0.10.7/src/wbxml_conv.c
Examining data/wbxml2-0.10.7/src/wbxml_encoder.h
Examining data/wbxml2-0.10.7/src/wbxml_elt.c
Examining data/wbxml2-0.10.7/src/wbxml.h
Examining data/wbxml2-0.10.7/src/wbxml_elt.h
Examining data/wbxml2-0.10.7/src/wbxml_errors.c
Examining data/wbxml2-0.10.7/src/wbxml_tables.c
Examining data/wbxml2-0.10.7/src/wbxml_handlers.h
Examining data/wbxml2-0.10.7/src/wbxml_conv.h
Examining data/wbxml2-0.10.7/src/wbxml_encoder.c
Examining data/wbxml2-0.10.7/src/wbxml_log.h
Examining data/wbxml2-0.10.7/symbian/libwbxmldll.cpp
Examining data/wbxml2-0.10.7/macosx/expat/xmlrole.c
Examining data/wbxml2-0.10.7/macosx/expat/xmlrole.h
Examining data/wbxml2-0.10.7/macosx/expat/latin1tab.h
Examining data/wbxml2-0.10.7/macosx/expat/expat_config.h
Examining data/wbxml2-0.10.7/macosx/expat/ascii.h
Examining data/wbxml2-0.10.7/macosx/expat/xmltok_ns.c
Examining data/wbxml2-0.10.7/macosx/expat/xmltok_impl.c
Examining data/wbxml2-0.10.7/macosx/expat/xmltok.h
Examining data/wbxml2-0.10.7/macosx/expat/asciitab.h
Examining data/wbxml2-0.10.7/macosx/expat/xmlparse.c
Examining data/wbxml2-0.10.7/macosx/expat/xmltok_impl.h
Examining data/wbxml2-0.10.7/macosx/expat/internal.h
Examining data/wbxml2-0.10.7/macosx/expat/iasciitab.h
Examining data/wbxml2-0.10.7/macosx/expat/expat.h
Examining data/wbxml2-0.10.7/macosx/expat/nametab.h
Examining data/wbxml2-0.10.7/macosx/expat/xmltok.c
Examining data/wbxml2-0.10.7/macosx/expat/utf8tab.h
Examining data/wbxml2-0.10.7/test/test_parser.c

FINAL RESULTS:

data/wbxml2-0.10.7/src/wbxml_log.c:66:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, buf, args);
data/wbxml2-0.10.7/src/wbxml_log.c:78:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, buf, args);
data/wbxml2-0.10.7/src/wbxml_log.c:90:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, buf, args);
data/wbxml2-0.10.7/src/wbxml_log.c:111:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p, "%s> ", get_type(type));
data/wbxml2-0.10.7/src/wbxml_log.c:118:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s\n", prefix, fmt);
data/wbxml2-0.10.7/src/wbxml_parser.c:2815:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((WB_TINY *) result,
data/wbxml2-0.10.7/src/wbxml_parser.c:2827:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((WB_TINY *) result,
data/wbxml2-0.10.7/src/wbxml_parser.c:2832:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((WB_TINY *) result,
data/wbxml2-0.10.7/tools/getopt.h:17:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define wbxml_getopt getopt
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:87:24:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memmove(d,s,l) bcopy((s),(d),(l))
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:179:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  XML_Bool open;
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:1421:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, end, nLeftOver);
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:1433:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, s, len);
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:1508:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newBuf, &bufferPtr[-keep], bufferEnd - bufferPtr + keep);
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:1520:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newBuf, bufferPtr, bufferEnd - bufferPtr);
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:1766:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rawNameBuf, tag->rawName, tag->rawNameLength);
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:1999:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open)
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:2583:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uri, binding->uri, binding->uriLen * sizeof(XML_Char));
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:2591:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uri, localPart, i * sizeof(XML_Char));
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:2595:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uri + 1, binding->prefix->name, prefixLen * sizeof(XML_Char));
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:2643:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b->uri, uri, len * sizeof(XML_Char));
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:2865:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encodingBuf[128];
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:3928:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open)
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:4351:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open) {
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:4438:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open) {
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:4846:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!e->open)
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:5527:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pool->blocks->s, pool->start,
data/wbxml2-0.10.7/macosx/expat/xmlparse.c:5563:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tem->s, pool->start,
data/wbxml2-0.10.7/macosx/expat/xmltok.c:169:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char type[256];
data/wbxml2-0.10.7/macosx/expat/xmltok.c:935:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1];
data/wbxml2-0.10.7/macosx/expat/xmltok.c:970:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  char open;
data/wbxml2-0.10.7/macosx/expat/xmltok.c:1029:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (c == open)
data/wbxml2-0.10.7/macosx/expat/xmltok.c:1237:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8[256][4];
data/wbxml2-0.10.7/macosx/expat/xmltok.c:1282:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[XML_UTF8_ENCODE_MAX];
data/wbxml2-0.10.7/macosx/expat/xmltok.c:1339:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *)mem)[i] = ((char *)&latin1_encoding)[i];
data/wbxml2-0.10.7/macosx/expat/xmltok_impl.c:573:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open;
data/wbxml2-0.10.7/macosx/expat/xmltok_impl.c:584:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  switch (open) {
data/wbxml2-0.10.7/macosx/expat/xmltok_impl.c:601:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (t == open)
data/wbxml2-0.10.7/macosx/expat/xmltok_impl.c:937:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  PREFIX(scanLit)(int open, const ENCODING *enc,
data/wbxml2-0.10.7/macosx/expat/xmltok_impl.c:948:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (t != open)
data/wbxml2-0.10.7/macosx/expat/xmltok_impl.c:1497:60:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  || BYTE_TYPE(enc, ptr + MINBPC(enc)) == open))
data/wbxml2-0.10.7/macosx/expat/xmltok_ns.c:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ENCODING_MAX];
data/wbxml2-0.10.7/src/wbxml_base64.c:41:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char pr2six[256] =
data/wbxml2-0.10.7/src/wbxml_buffers.c:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer->data, data, len);
data/wbxml2-0.10.7/src/wbxml_buffers.c:751:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer->data + pos, data, len);
data/wbxml2-0.10.7/src/wbxml_encoder.c:1459:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*wbxml, wbxml_buffer_get_cstr(header), wbxml_buffer_len(header));
data/wbxml2-0.10.7/src/wbxml_encoder.c:1462:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*wbxml + wbxml_buffer_len(header), wbxml_buffer_get_cstr(encoder->output), wbxml_buffer_len(encoder->output));
data/wbxml2-0.10.7/src/wbxml_encoder.c:3034:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  the_int = (WB_ULONG) atol((const WB_TINY *) buffer);
data/wbxml2-0.10.7/src/wbxml_encoder.c:4003:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*xml, wbxml_buffer_get_cstr(header), wbxml_buffer_len(header));
data/wbxml2-0.10.7/src/wbxml_encoder.c:4006:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*xml + wbxml_buffer_len(header), wbxml_buffer_get_cstr(encoder->output), wbxml_buffer_len(encoder->output));
data/wbxml2-0.10.7/src/wbxml_log.c:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[WBXML_LOG_FORMAT_SIZE];
data/wbxml2-0.10.7/src/wbxml_log.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[WBXML_LOG_FORMAT_SIZE];
data/wbxml2-0.10.7/src/wbxml_log.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[WBXML_LOG_FORMAT_SIZE];
data/wbxml2-0.10.7/src/wbxml_log.c:114:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "(LOG MESSAGE TOO LONG !)\n");
data/wbxml2-0.10.7/src/wbxml_parser.c:1547:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext + len, var_begin, WBXML_STRLEN(var_begin));
data/wbxml2-0.10.7/src/wbxml_parser.c:1551:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext + len, wbxml_buffer_get_cstr(var_value), wbxml_buffer_len(var_value));
data/wbxml2-0.10.7/src/wbxml_parser.c:1561:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext + len, escape, WBXML_STRLEN(escape));
data/wbxml2-0.10.7/src/wbxml_parser.c:1568:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext + len, unesc, WBXML_STRLEN(unesc));
data/wbxml2-0.10.7/src/wbxml_parser.c:1575:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext + len, noesc, WBXML_STRLEN(noesc));
data/wbxml2-0.10.7/src/wbxml_parser.c:1584:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ext + len, var_end, WBXML_STRLEN(var_end));
data/wbxml2-0.10.7/src/wbxml_parser.c:2726:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((WB_TINY *)tmp, "%u", the_int);
data/wbxml2-0.10.7/src/wbxml_parser.c:2788:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(the_year, "%u", the_value);
data/wbxml2-0.10.7/src/wbxml_parser.c:2792:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(the_month, "%02u", the_value);
data/wbxml2-0.10.7/src/wbxml_parser.c:2796:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(the_date, "%02u", the_value);
data/wbxml2-0.10.7/src/wbxml_parser.c:2800:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(the_hour, "%02u", the_value);
data/wbxml2-0.10.7/src/wbxml_parser.c:2804:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(the_minute, "%02u", the_value);
data/wbxml2-0.10.7/src/wbxml_parser.c:2808:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(the_second, "%02u", the_value);
data/wbxml2-0.10.7/test/test_parser.c:159:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input_file = fopen(argv[1], "rb")) == NULL) {
data/wbxml2-0.10.7/test/test_parser.c:184:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wbxml + wbxml_len, input_buffer, count);
data/wbxml2-0.10.7/tools/wbxml2xml_tool.c:249:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.indent = (WB_UTINY) atoi((const WB_TINY*)optarg);
data/wbxml2-0.10.7/tools/wbxml2xml_tool.c:255:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi((const WB_TINY*)optarg)) {
data/wbxml2-0.10.7/tools/wbxml2xml_tool.c:300:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input_file = fopen(argv[optind], "rb");
data/wbxml2-0.10.7/tools/wbxml2xml_tool.c:330:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wbxml + wbxml_len, input_buffer, count);
data/wbxml2-0.10.7/tools/wbxml2xml_tool.c:351:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output_file = fopen((const WB_TINY*) output, "w");
data/wbxml2-0.10.7/tools/xml2wbxml_tool.c:151:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input_file = fopen(argv[optind], "r");
data/wbxml2-0.10.7/tools/xml2wbxml_tool.c:179:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xml + xml_len, input_buffer, count);
data/wbxml2-0.10.7/tools/xml2wbxml_tool.c:202:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output_file = fopen((const WB_TINY*) output, "wb");
data/wbxml2-0.10.7/src/wbxml.h:84:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define WBXML_STRLEN(a) strlen((const WB_TINY*)a)
data/wbxml2-0.10.7/src/wbxml_tree.c:1161:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namespace_name = name + strlen((const WB_TINY *) name);

ANALYSIS SUMMARY:

Hits = 79
Lines analyzed = 34282 in approximately 0.87 seconds (39308 lines/second)
Physical Source Lines of Code (SLOC) = 22657
Hits@level = [0] 101 [1]   2 [2]  68 [3]   1 [4]   8 [5]   0
Hits@level+ = [0+] 180 [1+]  79 [2+]  77 [3+]   9 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 7.94456 [1+] 3.48678 [2+] 3.39851 [3+] 0.397228 [4+] 0.353092 [5+]   0
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.