Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xchm-1.31/src/chm_lib.c
Examining data/xchm-1.31/src/chmapp.cpp
Examining data/xchm-1.31/src/chmapp.h
Examining data/xchm-1.31/src/chmfile.cpp
Examining data/xchm-1.31/src/chmfile.h
Examining data/xchm-1.31/src/chmfinddialog.cpp
Examining data/xchm-1.31/src/chmfinddialog.h
Examining data/xchm-1.31/src/chmfontdialog.cpp
Examining data/xchm-1.31/src/chmfontdialog.h
Examining data/xchm-1.31/src/chmframe.cpp
Examining data/xchm-1.31/src/chmframe.h
Examining data/xchm-1.31/src/chmfshandler.cpp
Examining data/xchm-1.31/src/chmfshandler.h
Examining data/xchm-1.31/src/chmhtmlnotebook.cpp
Examining data/xchm-1.31/src/chmhtmlnotebook.h
Examining data/xchm-1.31/src/chmhtmlwindow.cpp
Examining data/xchm-1.31/src/chmhtmlwindow.h
Examining data/xchm-1.31/src/chmindexpanel.cpp
Examining data/xchm-1.31/src/chmindexpanel.h
Examining data/xchm-1.31/src/chminputstream.cpp
Examining data/xchm-1.31/src/chminputstream.h
Examining data/xchm-1.31/src/chmlistctrl.cpp
Examining data/xchm-1.31/src/chmlistctrl.h
Examining data/xchm-1.31/src/chmsearchpanel.cpp
Examining data/xchm-1.31/src/chmsearchpanel.h
Examining data/xchm-1.31/src/hhcparser.cpp
Examining data/xchm-1.31/src/hhcparser.h
Examining data/xchm-1.31/src/lzx.c
Examining data/xchm-1.31/src/lzx.h
Examining data/xchm-1.31/src/wxstringutils.h
Examining data/xchm-1.31/src/xchm_chm_lib.h
FINAL RESULTS:
data/xchm-1.31/src/chm_lib.c:93:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(a)); \
data/xchm-1.31/src/chm_lib.c:96:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(a)); \
data/xchm-1.31/src/chm_lib.c:817:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&newHandle->mutex);
data/xchm-1.31/src/chm_lib.c:818:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&newHandle->lzx_mutex);
data/xchm-1.31/src/chm_lib.c:819:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&newHandle->cache_mutex);
data/xchm-1.31/src/chm_lib.c:185:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy __builtin_memcpy
data/xchm-1.31/src/chm_lib.c:213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, (*pData), count);
data/xchm-1.31/src/chm_lib.c:226:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, (*pData), count);
data/xchm-1.31/src/chm_lib.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (ITSF) */
data/xchm-1.31/src/chm_lib.c:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (ITSP) */
data/xchm-1.31/src/chm_lib.c:480:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char _chm_pmgl_marker[4] = "PMGL";
data/xchm-1.31/src/chm_lib.c:484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (PMGL) */
data/xchm-1.31/src/chm_lib.c:514:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char _chm_pmgi_marker[4] = "PMGI";
data/xchm-1.31/src/chm_lib.c:518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (PMGI) */
data/xchm-1.31/src/chm_lib.c:584:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 4 (LZXC) */
data/xchm-1.31/src/chm_lib.c:757:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sbuffer[256];
data/xchm-1.31/src/chm_lib.c:807:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((newHandle->fd=open(filename, O_RDONLY)) == CHM_NULL_FD)
data/xchm-1.31/src/chm_lib.c:1176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CHM_MAX_PATHLEN+1];
data/xchm-1.31/src/chm_lib.c:1220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CHM_MAX_PATHLEN+1];
data/xchm-1.31/src/chm_lib.c:1533:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,
data/xchm-1.31/src/chm_lib.c:1554:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ubuffer+nOffset, (unsigned int)nLen);
data/xchm-1.31/src/chm_lib.c:1768:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefixRectified[CHM_MAX_PATHLEN+1];
data/xchm-1.31/src/chm_lib.c:1770:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastPath[CHM_MAX_PATHLEN+1];
data/xchm-1.31/src/chmfile.cpp:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUF_SIZE] {};
data/xchm-1.31/src/chmfile.cpp:544:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUF_SIZE] {};
data/xchm-1.31/src/chmfile.cpp:653:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[FTS_HEADER_LEN];
data/xchm-1.31/src/chmfile.cpp:698:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wrd_buf[0], &buffer[i + 2], word_len - 1);
data/xchm-1.31/src/chmfile.cpp:798:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wrd_buf[0], &buffer[i + 2], word_len - 1);
data/xchm-1.31/src/chmfile.cpp:830:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char entry[TOPICS_ENTRY_LEN];
data/xchm-1.31/src/chmfile.cpp:833:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char combuf[COMMON_BUF_LEN];
data/xchm-1.31/src/chmfile.cpp:913:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUF_SIZE];
data/xchm-1.31/src/chmfile.cpp:976:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUF_SIZE] {};
data/xchm-1.31/src/chmhtmlwindow.cpp:290:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/xchm-1.31/src/lzx.c:38:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy __builtin_memcpy
data/xchm-1.31/src/lzx.c:715:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(window + window_posn, inpos, (size_t) this_run);
data/xchm-1.31/src/lzx.c:727:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outpos, window + ((!window_posn) ? window_size : window_posn) - outlen, (size_t) outlen);
data/xchm-1.31/src/lzx.c:777:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w = atoi(v[1]);
data/xchm-1.31/src/lzx.c:779:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(v[2], "wb");
data/xchm-1.31/src/lzx.c:782:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(v[i], "rb");
data/xchm-1.31/src/wxstringutils.h:76:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/xchm-1.31/src/wxstringutils.h:77:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuf[2] {};
data/xchm-1.31/src/xchm_chm_lib.h:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[CHM_MAX_PATHLEN+1];
data/xchm-1.31/src/chm_lib.c:186:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strlen __builtin_strlen
data/xchm-1.31/src/chm_lib.c:735:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readLen = read(h->fd, buf, len);
data/xchm-1.31/src/chm_lib.c:740:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readLen = read(h->fd, buf, len);
data/xchm-1.31/src/chm_lib.c:1682:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ui_path_len = strlen(ui.path)-1;
data/xchm-1.31/src/chm_lib.c:1780:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prefixRectified, prefix, CHM_MAX_PATHLEN);
data/xchm-1.31/src/chm_lib.c:1782:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixLen = strlen(prefixRectified);
data/xchm-1.31/src/chm_lib.c:1858:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lastPath, ui.path, CHM_MAX_PATHLEN);
data/xchm-1.31/src/chm_lib.c:1860:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastPathLen = strlen(lastPath);
data/xchm-1.31/src/chm_lib.c:1863:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ui_path_len = strlen(ui.path)-1;
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 8874 in approximately 0.23 seconds (37950 lines/second)
Physical Source Lines of Code (SLOC) = 5734
Hits@level = [0] 11 [1] 9 [2] 37 [3] 5 [4] 0 [5] 0
Hits@level+ = [0+] 62 [1+] 51 [2+] 42 [3+] 5 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 10.8127 [1+] 8.89431 [2+] 7.32473 [3+] 0.871992 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.