Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/writerperfect-0.9.6/src/lib/UsageHelper.cxx
Examining data/writerperfect-0.9.6/src/lib/UserOptions.cxx
Examining data/writerperfect-0.9.6/src/lib/OutputFileHelper.cxx
Examining data/writerperfect-0.9.6/src/lib/WPWrapper.cxx
Examining data/writerperfect-0.9.6/src/lib/StringXMLSerializer.cxx
Examining data/writerperfect-0.9.6/src/lib/FemtoZip.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperZMF.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperABW.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperMWAW.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperWPS.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperMSPUB.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperWPG.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperFREEHAND.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperQXP.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperETONYEK.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperPAGEMAKER.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperCDR.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperWPD.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperEBOOK.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperSTAROFFICE.cxx
Examining data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperVISIO.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/wps2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/cmx2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/zmf2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/ebook2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/fh2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/EpubPackage.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/wpft2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/vsd2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/qxp2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/wpg2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/EpubConverter.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/sd2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/pub2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/cdr2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/vss2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/mwaw2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/wpd2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/pages2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/abw2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/pmd2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/epub/key2epub.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/cdr2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/qxp2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfWrapperSTAROFFICE.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/wpft2odf.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/zmf2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfConverter.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/sd2odf.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/vsd2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/vss2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/numbers2ods.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/key2odp.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfWrapperWPS.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/wpg2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/wpd2odt.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/pages2odt.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfPackage.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/mwaw2odf.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfWrapper.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/pub2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/abw2odt.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/wps2odt.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/pmd2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfWrapperWPD.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/fh2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfWrapperMWAW.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/wks2ods.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/cmx2odg.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/OdfWrapperMSPUB.cxx
Examining data/writerperfect-0.9.6/src/conv/odf/ebook2odt.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/sd2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ABWWrapperSTAROFFICE.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/wps2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ABWWrapperWPS.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ABWStringDocumentHandler.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/mwaw2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/abw2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/pages2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/wpft2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ebook2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ABWWrapper.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ABWWrapperWPD.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/wpd2abw.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ABWWrapperMWAW.cxx
Examining data/writerperfect-0.9.6/src/conv/abw/ABWConverter.cxx

FINAL RESULTS:

data/writerperfect-0.9.6/src/lib/FemtoZip.cxx:48:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
#define FZ_DEBUG(M) printf M
data/writerperfect-0.9.6/src/lib/StringXMLSerializer.cxx:77:18:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
m_openedTagName.sprintf("%s", psName);
data/writerperfect-0.9.6/src/conv/abw/ABWStringDocumentHandler.cxx:60:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE *fhandle = fopen(output, "wb");
data/writerperfect-0.9.6/src/conv/abw/ABWWrapper.cxx:60:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
output.append((unsigned char *)svgOutput[0].cstr(), strlen(svgOutput[0].cstr()));
data/writerperfect-0.9.6/src/conv/odf/OdfWrapper.cxx:80:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
output.append((unsigned char *)svgOutput[0].cstr(), strlen(svgOutput[0].cstr()));
data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperETONYEK.cxx:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char const *(extensions[3])= {".key", ".numbers", ".pages"};
data/writerperfect-0.9.6/src/lib/FemtoZip.cxx:174:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buffer[46];
data/writerperfect-0.9.6/src/lib/FemtoZip.cxx:185:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fhandle = fopen(zipfile, "wb");
data/writerperfect-0.9.6/src/conv/abw/ABWStringDocumentHandler.cxx:58:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (output && strlen(output))
data/writerperfect-0.9.6/src/conv/abw/ABWWrapper.cxx:59:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
output.append((unsigned char *)svgHeader, strlen(svgHeader));
data/writerperfect-0.9.6/src/conv/abw/ABWWrapper.cxx:60:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
output.append((unsigned char *)svgOutput[0].cstr(), strlen(svgOutput[0].cstr()));
data/writerperfect-0.9.6/src/conv/odf/OdfWrapper.cxx:79:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
output.append((unsigned char *)svgHeader, strlen(svgHeader));
data/writerperfect-0.9.6/src/conv/odf/OdfWrapper.cxx:80:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
output.append((unsigned char *)svgOutput[0].cstr(), strlen(svgOutput[0].cstr()));
data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperMWAW.cxx:72:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const unsigned char *read(unsigned long numBytes, unsigned long &numBytesRead);
data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperMWAW.cxx:143:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const unsigned char *StringStream::read(unsigned long numBytes, unsigned long &numBytesRead)
data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperMWAW.cxx:220:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const unsigned char *read(unsigned long, unsigned long &)
data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperMWAW.cxx:375:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const unsigned char *buf=input.read(46, numBytesRead);
data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperWPS.cxx:71:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const unsigned char *read(unsigned long, unsigned long &)
data/writerperfect-0.9.6/src/conv/wrapper/WPWrapperWPS.cxx:174:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const unsigned char *data=input.read(6, numBytesRead);
data/writerperfect-0.9.6/src/lib/FemtoZip.cxx:225:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(entry->name);
data/writerperfect-0.9.6/src/lib/FemtoZip.cxx:363:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(entry->name);
data/writerperfect-0.9.6/src/lib/FemtoZip.cxx:591:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->writeData(strlen(str), str);
data/writerperfect-0.9.6/src/lib/OutputFileHelper.cxx:164:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
return writeChildFile(childFileName, reinterpret_cast<const unsigned char *>(str), std::strlen(str));

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 6902 in approximately 0.27 seconds (25588 lines/second)
Physical Source Lines of Code (SLOC) = 4075
Hits@level = [0]  36 [1]  15 [2]   6 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  59 [1+]  23 [2+]   8 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 14.4785 [1+] 5.64417 [2+] 1.96319 [3+] 0.490798 [4+] 0.490798 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.