Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xwrits-2.21/acconfig.h
Examining data/xwrits-2.21/strerror.c
Examining data/xwrits-2.21/fmalloc.c
Examining data/xwrits-2.21/gif.h
Examining data/xwrits-2.21/giffunc.c
Examining data/xwrits-2.21/gifread.c
Examining data/xwrits-2.21/gifx.h
Examining data/xwrits-2.21/gifx.c
Examining data/xwrits-2.21/xwrits.h
Examining data/xwrits-2.21/clock.c
Examining data/xwrits-2.21/hands.c
Examining data/xwrits-2.21/lock.c
Examining data/xwrits-2.21/main.c
Examining data/xwrits-2.21/pictures.c
Examining data/xwrits-2.21/warning.c
Examining data/xwrits-2.21/giftoc.c
Examining data/xwrits-2.21/schedule.c
Examining data/xwrits-2.21/rest.c

FINAL RESULTS:

data/xwrits-2.21/giffunc.c:740:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, x, val);
data/xwrits-2.21/giftoc.c:156:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ndirectory, "%s%c", directory, PATHNAME_SEPARATOR);
data/xwrits-2.21/giftoc.c:181:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(file_name, directory);
data/xwrits-2.21/giftoc.c:182:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(file_name, argv[0]);
data/xwrits-2.21/lock.c:106:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cur_message, message);
data/xwrits-2.21/main.c:144:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, val);
data/xwrits-2.21/main.c:156:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, val);
data/xwrits-2.21/main.c:167:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, val);
data/xwrits-2.21/main.c:579:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s%s&%s", (ls ? o->slideshow_text : ""),
data/xwrits-2.21/main.c:581:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(is, "%s%s&%sicon", (lis ? o->icon_slideshow_text : ""),
data/xwrits-2.21/pictures.c:226:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, slideshowtext);
data/xwrits-2.21/pictures.c:243:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, n + 1);
data/xwrits-2.21/main.c:1152:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((getpid() + 1) * time(0));
data/xwrits-2.21/giffunc.c:146:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, s, l + 1);
data/xwrits-2.21/giffunc.c:205:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_x, x, xlen);
data/xwrits-2.21/giffunc.c:366:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, src->img[i], dest->width);
data/xwrits-2.21/giffunc.c:378:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->compressed, src->compressed, src->compressed_len);
data/xwrits-2.21/gifread.c:118:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, grr->v, s);
data/xwrits-2.21/gifread.c:444:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gfi->compressed, first, gfi->compressed_len);
data/xwrits-2.21/gifread.c:830:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/xwrits-2.21/gifread.c:831:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "unknown block type %d at file offset %d", block, gifgetoffset(grr) - 1);
data/xwrits-2.21/giftoc.c:179:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xwrits-2.21/giftoc.c:183:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file_name, "rb");
data/xwrits-2.21/gifx.c:252:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixels + npixels, gfxc->pixels, gfxc->npixels);
data/xwrits-2.21/hands.c:116:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *stringlist[2];
data/xwrits-2.21/lock.c:16:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char password[MAX_PASSWORD_SIZE];
data/xwrits-2.21/lock.c:78:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cur_message[MAX_MESSAGE_SIZE];
data/xwrits-2.21/lock.c:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[MAX_MESSAGE_SIZE];
data/xwrits-2.21/lock.c:141:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(message, "Enter password to unlock screen");
data/xwrits-2.21/pictures.c:218:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/xwrits-2.21/pictures.c:219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[BUFSIZ + 4];
data/xwrits-2.21/pictures.c:244:17:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (mono) strcat(name, "mono");
data/xwrits-2.21/pictures.c:262:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(n, "rb");
data/xwrits-2.21/schedule.c:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/xwrits-2.21/giffunc.c:143:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(s);
data/xwrits-2.21/giffunc.c:190:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (xlen < 0) xlen = strlen(x);
data/xwrits-2.21/giffunc.c:202:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (xlen < 0) xlen = strlen(x);
data/xwrits-2.21/gifread.c:85:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int i = getc(grr->f);
data/xwrits-2.21/giftoc.c:37:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xwrits-2.21/giftoc.c:100:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xwrits-2.21/giftoc.c:115:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xwrits-2.21/giftoc.c:120:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xwrits-2.21/giftoc.c:153:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (directory[ strlen(directory) - 1 ] != PATHNAME_SEPARATOR
data/xwrits-2.21/giftoc.c:155:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ndirectory = (char *)fmalloc(strlen(directory) + 2);
data/xwrits-2.21/giftoc.c:179:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xwrits-2.21/giftoc.c:179:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xwrits-2.21/giftoc.c:194:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = rec_name = (char *)fmalloc(strlen(sin) + 2);
data/xwrits-2.21/lock.c:68:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = strlen(message);
data/xwrits-2.21/lock.c:86:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (message ? strlen(message) : 0);
data/xwrits-2.21/lock.c:143:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, pos = strlen(message);
data/xwrits-2.21/main.c:573:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lbi = strlen(built_in);
data/xwrits-2.21/main.c:574:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int ls = (o->slideshow_text ? strlen(o->slideshow_text) : 0);
data/xwrits-2.21/main.c:575:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lis = (o->icon_slideshow_text ? strlen(o->icon_slideshow_text) : 0);
data/xwrits-2.21/main.c:1205:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(lock_password) >= MAX_PASSWORD_SIZE)
data/xwrits-2.21/pictures.c:225:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(slideshowtext) >= BUFSIZ) return 0;
data/xwrits-2.21/pictures.c:245:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(name);

ANALYSIS SUMMARY:

Hits = 56
Lines analyzed = 7023 in approximately 0.17 seconds (40139 lines/second)
Physical Source Lines of Code (SLOC) = 5335
Hits@level = [0]  31 [1]  22 [2]  21 [3]   1 [4]  12 [5]   0
Hits@level+ = [0+]  87 [1+]  56 [2+]  34 [3+]  13 [4+]  12 [5+]   0
Hits/KSLOC@level+ = [0+] 16.3074 [1+] 10.4967 [2+] 6.37301 [3+] 2.43674 [4+] 2.2493 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.