Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xwrits-2.21/acconfig.h
Examining data/xwrits-2.21/strerror.c
Examining data/xwrits-2.21/fmalloc.c
Examining data/xwrits-2.21/gif.h
Examining data/xwrits-2.21/giffunc.c
Examining data/xwrits-2.21/gifread.c
Examining data/xwrits-2.21/gifx.h
Examining data/xwrits-2.21/gifx.c
Examining data/xwrits-2.21/xwrits.h
Examining data/xwrits-2.21/clock.c
Examining data/xwrits-2.21/hands.c
Examining data/xwrits-2.21/lock.c
Examining data/xwrits-2.21/main.c
Examining data/xwrits-2.21/pictures.c
Examining data/xwrits-2.21/warning.c
Examining data/xwrits-2.21/giftoc.c
Examining data/xwrits-2.21/schedule.c
Examining data/xwrits-2.21/rest.c
FINAL RESULTS:
data/xwrits-2.21/giffunc.c:740:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, x, val);
data/xwrits-2.21/giftoc.c:156:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ndirectory, "%s%c", directory, PATHNAME_SEPARATOR);
data/xwrits-2.21/giftoc.c:181:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_name, directory);
data/xwrits-2.21/giftoc.c:182:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file_name, argv[0]);
data/xwrits-2.21/lock.c:106:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_message, message);
data/xwrits-2.21/main.c:144:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, val);
data/xwrits-2.21/main.c:156:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, val);
data/xwrits-2.21/main.c:167:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, val);
data/xwrits-2.21/main.c:579:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s%s&%s", (ls ? o->slideshow_text : ""),
data/xwrits-2.21/main.c:581:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(is, "%s%s&%sicon", (lis ? o->icon_slideshow_text : ""),
data/xwrits-2.21/pictures.c:226:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, slideshowtext);
data/xwrits-2.21/pictures.c:243:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, n + 1);
data/xwrits-2.21/main.c:1152:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((getpid() + 1) * time(0));
data/xwrits-2.21/giffunc.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, s, l + 1);
data/xwrits-2.21/giffunc.c:205:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_x, x, xlen);
data/xwrits-2.21/giffunc.c:366:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, src->img[i], dest->width);
data/xwrits-2.21/giffunc.c:378:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->compressed, src->compressed, src->compressed_len);
data/xwrits-2.21/gifread.c:118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, grr->v, s);
data/xwrits-2.21/gifread.c:444:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gfi->compressed, first, gfi->compressed_len);
data/xwrits-2.21/gifread.c:830:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/xwrits-2.21/gifread.c:831:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "unknown block type %d at file offset %d", block, gifgetoffset(grr) - 1);
data/xwrits-2.21/giftoc.c:179:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xwrits-2.21/giftoc.c:183:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file_name, "rb");
data/xwrits-2.21/gifx.c:252:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pixels + npixels, gfxc->pixels, gfxc->npixels);
data/xwrits-2.21/hands.c:116:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *stringlist[2];
data/xwrits-2.21/lock.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char password[MAX_PASSWORD_SIZE];
data/xwrits-2.21/lock.c:78:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cur_message[MAX_MESSAGE_SIZE];
data/xwrits-2.21/lock.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_MESSAGE_SIZE];
data/xwrits-2.21/lock.c:141:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(message, "Enter password to unlock screen");
data/xwrits-2.21/pictures.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/xwrits-2.21/pictures.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[BUFSIZ + 4];
data/xwrits-2.21/pictures.c:244:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mono) strcat(name, "mono");
data/xwrits-2.21/pictures.c:262:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(n, "rb");
data/xwrits-2.21/schedule.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/xwrits-2.21/giffunc.c:143:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/xwrits-2.21/giffunc.c:190:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (xlen < 0) xlen = strlen(x);
data/xwrits-2.21/giffunc.c:202:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (xlen < 0) xlen = strlen(x);
data/xwrits-2.21/gifread.c:85:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int i = getc(grr->f);
data/xwrits-2.21/giftoc.c:37:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/xwrits-2.21/giftoc.c:100:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/xwrits-2.21/giftoc.c:115:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/xwrits-2.21/giftoc.c:120:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/xwrits-2.21/giftoc.c:153:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (directory[ strlen(directory) - 1 ] != PATHNAME_SEPARATOR
data/xwrits-2.21/giftoc.c:155:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ndirectory = (char *)fmalloc(strlen(directory) + 2);
data/xwrits-2.21/giftoc.c:179:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xwrits-2.21/giftoc.c:179:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xwrits-2.21/giftoc.c:194:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sout = rec_name = (char *)fmalloc(strlen(sin) + 2);
data/xwrits-2.21/lock.c:68:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(message);
data/xwrits-2.21/lock.c:86:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (message ? strlen(message) : 0);
data/xwrits-2.21/lock.c:143:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, pos = strlen(message);
data/xwrits-2.21/main.c:573:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lbi = strlen(built_in);
data/xwrits-2.21/main.c:574:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ls = (o->slideshow_text ? strlen(o->slideshow_text) : 0);
data/xwrits-2.21/main.c:575:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lis = (o->icon_slideshow_text ? strlen(o->icon_slideshow_text) : 0);
data/xwrits-2.21/main.c:1205:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lock_password) >= MAX_PASSWORD_SIZE)
data/xwrits-2.21/pictures.c:225:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(slideshowtext) >= BUFSIZ) return 0;
data/xwrits-2.21/pictures.c:245:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(name);
ANALYSIS SUMMARY:
Hits = 56
Lines analyzed = 7023 in approximately 0.17 seconds (40139 lines/second)
Physical Source Lines of Code (SLOC) = 5335
Hits@level = [0] 31 [1] 22 [2] 21 [3] 1 [4] 12 [5] 0
Hits@level+ = [0+] 87 [1+] 56 [2+] 34 [3+] 13 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 16.3074 [1+] 10.4967 [2+] 6.37301 [3+] 2.43674 [4+] 2.2493 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.