Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wxedid-0.0.21/src/CEA_class.cpp
Examining data/wxedid-0.0.21/src/CEA_EXT_class.cpp
Examining data/wxedid-0.0.21/src/EDID.h
Examining data/wxedid-0.0.21/src/debug.h
Examining data/wxedid-0.0.21/src/config.h
Examining data/wxedid-0.0.21/src/def_types.h
Examining data/wxedid-0.0.21/src/EDID_class.h
Examining data/wxedid-0.0.21/src/guilog.h
Examining data/wxedid-0.0.21/src/CEA_EXT.h
Examining data/wxedid-0.0.21/src/wxEDID_App.h
Examining data/wxedid-0.0.21/src/CEA.h
Examining data/wxedid-0.0.21/src/EDID_class.cpp
Examining data/wxedid-0.0.21/src/wxEDID_App.cpp
Examining data/wxedid-0.0.21/src/guilog.cpp
Examining data/wxedid-0.0.21/src/svd_vidfmt.h
Examining data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.h
Examining data/wxedid-0.0.21/src/returncode/rcd_scp.tmp.c
Examining data/wxedid-0.0.21/src/returncode/rcd_scp_ptr.tmp.h
Examining data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c
Examining data/wxedid-0.0.21/src/returncode/rcd_scp.tmp.h
Examining data/wxedid-0.0.21/src/returncode/rcode.h
Examining data/wxedid-0.0.21/src/returncode/rcd_fn_bm.tmp.c
Examining data/wxedid-0.0.21/src/returncode/rcd_scp_dm.tmp.c
Examining data/wxedid-0.0.21/src/wxEDID_Main.h
Examining data/wxedid-0.0.21/src/rcdunits.h
Examining data/wxedid-0.0.21/src/wxEDID_Main.cpp
FINAL RESULTS:
data/wxedid-0.0.21/src/debug.h:72:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(__debug_dbg0_fd, __VA_ARGS__)
data/wxedid-0.0.21/src/debug.h:83:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(__debug_dbg1_fd, __VA_ARGS__)
data/wxedid-0.0.21/src/debug.h:94:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(__debug_dbg2_fd, __VA_ARGS__)
data/wxedid-0.0.21/src/debug.h:103:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(__debug_dbg2_fd, __VA_ARGS__)
data/wxedid-0.0.21/src/debug.h:109:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(__debug_err_fd, __VA_ARGS__)
data/wxedid-0.0.21/src/debug.h:112:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(__debug_log_fd, __VA_ARGS__)
data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:255:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(vmsg->msg_buf, RCD_VMSG_MAX_SZ, fmt, argp );
data/wxedid-0.0.21/src/CEA_EXT.h:318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svd_num[8];
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:138:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:878:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, mtd_hdr, (n_fld * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1056:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, CEA_BlkHdr_fields, (CEA_BlkHdr_fcount * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1060:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, &SVR_code_fld, edi_fld_sz );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1199:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, CEA_BlkHdr_fields, (CEA_BlkHdr_fcount * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1207:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, &bitmap_fld, edi_fld_sz );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1274:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1348:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) fields, p_fld, (fcount * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1660:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1705:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, blkhdr, (blkhdr_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_EXT_class.cpp:1827:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, CEA_BlkHdr_fields, (fcount * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:147:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, &unknown_byte_fld, sizeof(edi_field_t) );
data/wxedid-0.0.21/src/CEA_class.cpp:508:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte0_afc1_14, (byte0_afc1_14_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:514:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte0_afc1_14, (byte0_afc1_14_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:521:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte0_afc15_ace11_12, (byte0_afc15_ace11_12_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:528:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte0_afc15_ace13, (byte0_afc15_ace13_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:542:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte1_afc1_14_ace11, (byte1_afc1_14_ace11_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:548:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte1_afc15_ace456810, (byte1_afc15_ace456810_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:553:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte1_afc15_ace12_fsmp, (byte1_afc15_ace12_fsmp_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:558:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte1_afc15_ace13, (byte1_afc15_ace13_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:572:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc1, (byte2_afc1_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:578:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc2_8, (byte2_afc2_8_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:584:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc9_13, (byte2_afc9_13_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:590:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc14, (byte2_afc14_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:597:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc15_ace456, (byte2_afc15_ace456_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:603:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc15_ace8_10, (byte2_afc15_ace8_10_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:609:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc15_ace11_12, (byte2_afc15_ace11_12_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:615:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, byte2_afc15_ace13, (byte2_afc15_ace13_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/CEA_class.cpp:1082:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) p_fld, CEA_BlkHdr_fields, (fcount * edi_fld_sz) );
data/wxedid-0.0.21/src/EDID_class.cpp:631:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chbit[12]; chbit[11] = 0;
data/wxedid-0.0.21/src/EDID_class.cpp:735:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuff[maxl+1];
data/wxedid-0.0.21/src/EDID_class.cpp:750:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cbuff, sval.ToAscii(), sval.Len());
data/wxedid-0.0.21/src/EDID_class.cpp:982:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuff[4];
data/wxedid-0.0.21/src/EDID_class.cpp:1001:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cbuff, sval.ToAscii(), 3);
data/wxedid-0.0.21/src/EDID_class.cpp:1236:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) fields, in_digital, (in_digital_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/EDID_class.cpp:1239:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) fields, in_analog, (in_analog_fcnt * edi_fld_sz) );
data/wxedid-0.0.21/src/EDID_class.cpp:2681:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void*) &pfld->field, &field_arr[itf], sizeof(edi_field_t) );
data/wxedid-0.0.21/src/guilog.h:24:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rcd_msg_buff[msg_buf_sz];
data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[64];
data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:126:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rscp->base_name, (size_t) len); //base name
data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:134:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p_un->un_dir, (size_t) len); //unit dir
data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:137:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p_un->un_file, (size_t) len); //file name
data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:158:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, msg, (size_t) mlen); //message
data/wxedid-0.0.21/src/returncode/rcd_fn.tmp.c:234:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buf_sz];
data/wxedid-0.0.21/src/returncode/rcode.h:304:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_buf[RCD_VMSG_MAX_SZ];
data/wxedid-0.0.21/src/wxEDID_App.cpp:92:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (! cfg_file.Open(cfg_str, wxFile::read) ) {
data/wxedid-0.0.21/src/wxEDID_Main.cpp:1205:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (! file.Open(tmps, wxFile::read) ) RCD_RETURN_FAULT(retU);
data/wxedid-0.0.21/src/wxEDID_Main.cpp:1328:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpi = (16 - strlen(p_field->field.name));
data/wxedid-0.0.21/src/wxEDID_Main.cpp:1567:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (! file.Open(tmps, wxFile::read) ) RCD_RETURN_FAULT(retU);
ANALYSIS SUMMARY:
Hits = 57
Lines analyzed = 12595 in approximately 0.36 seconds (35388 lines/second)
Physical Source Lines of Code (SLOC) = 9412
Hits@level = [0] 3 [1] 4 [2] 46 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 60 [1+] 57 [2+] 53 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 6.37484 [1+] 6.0561 [2+] 5.63111 [3+] 0.743731 [4+] 0.743731 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.