Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yajl-2.1.0/example/parse_config.c
Examining data/yajl-2.1.0/perf/documents.c
Examining data/yajl-2.1.0/perf/documents.h
Examining data/yajl-2.1.0/perf/perftest.c
Examining data/yajl-2.1.0/reformatter/json_reformat.c
Examining data/yajl-2.1.0/src/api/yajl_common.h
Examining data/yajl-2.1.0/src/api/yajl_gen.h
Examining data/yajl-2.1.0/src/api/yajl_parse.h
Examining data/yajl-2.1.0/src/api/yajl_tree.h
Examining data/yajl-2.1.0/src/yajl.c
Examining data/yajl-2.1.0/src/yajl_alloc.c
Examining data/yajl-2.1.0/src/yajl_alloc.h
Examining data/yajl-2.1.0/src/yajl_buf.c
Examining data/yajl-2.1.0/src/yajl_buf.h
Examining data/yajl-2.1.0/src/yajl_bytestack.h
Examining data/yajl-2.1.0/src/yajl_encode.c
Examining data/yajl-2.1.0/src/yajl_encode.h
Examining data/yajl-2.1.0/src/yajl_gen.c
Examining data/yajl-2.1.0/src/yajl_lex.c
Examining data/yajl-2.1.0/src/yajl_lex.h
Examining data/yajl-2.1.0/src/yajl_parser.c
Examining data/yajl-2.1.0/src/yajl_parser.h
Examining data/yajl-2.1.0/src/yajl_tree.c
Examining data/yajl-2.1.0/src/yajl_version.c
Examining data/yajl-2.1.0/test/api/gen-extra-close.c
Examining data/yajl-2.1.0/test/parsing/yajl_test.c
Examining data/yajl-2.1.0/verify/json_verify.c

FINAL RESULTS:

data/yajl-2.1.0/src/yajl_parser.c:96:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat((char *) str, errorType);
data/yajl-2.1.0/src/yajl_parser.c:100:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat((char *) str, errorText);
data/yajl-2.1.0/src/yajl_parser.c:137:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat((char *) newStr, (char *) str);
data/yajl-2.1.0/src/yajl_parser.c:138:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat((char *) newStr, text);
data/yajl-2.1.0/src/yajl_parser.c:139:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat((char *) newStr, arrow);
data/yajl-2.1.0/src/yajl_tree.c:29:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf sprintf_s
data/yajl-2.1.0/src/yajl_tree.c:55:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf ((ctx)->errbuf, (ctx)->errbuf_size, __VA_ARGS__);  \
data/yajl-2.1.0/example/parse_config.c:22:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char fileData[65536];
data/yajl-2.1.0/example/parse_config.c:29:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errbuf[1024];
data/yajl-2.1.0/reformatter/json_reformat.c:124:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char fileData[65536];
data/yajl-2.1.0/src/yajl.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *) &(hand->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
data/yajl-2.1.0/src/yajl_buf.c:76:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf->data + buf->used, data, len);
data/yajl-2.1.0/src/yajl_encode.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hexBuf[7];
data/yajl-2.1.0/src/yajl_encode.c:124:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char utf8Buf[5];
data/yajl-2.1.0/src/yajl_gen.c:119:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *) &(g->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
data/yajl-2.1.0/src/yajl_gen.c:211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char i[32];
data/yajl-2.1.0/src/yajl_gen.c:213:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(i, "%lld", number);
data/yajl-2.1.0/src/yajl_gen.c:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char i[32];
data/yajl-2.1.0/src/yajl_gen.c:233:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(i, "%.20g", number);
data/yajl-2.1.0/src/yajl_gen.c:235:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(i, ".0");
data/yajl-2.1.0/src/yajl_lex.c:138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char charLookupTable[256] =
data/yajl-2.1.0/src/yajl_parser.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[72];
data/yajl-2.1.0/src/yajl_parser.c:97:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat((char *) str, " error");
data/yajl-2.1.0/src/yajl_parser.c:99:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat((char *) str, ": ");
data/yajl-2.1.0/src/yajl_tree.c:286:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(v->u.string, string, string_length);
data/yajl-2.1.0/src/yajl_tree.c:307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(v->u.number.r, string, string_length);
data/yajl-2.1.0/test/parsing/yajl_test.c:106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(str, stringVal, stringLen);
data/yajl-2.1.0/test/parsing/yajl_test.c:212:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bufSize = atoi(argv[i]);
data/yajl-2.1.0/test/parsing/yajl_test.c:241:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(fileName, "r");
data/yajl-2.1.0/verify/json_verify.c:42:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char fileData[65536];
data/yajl-2.1.0/example/parse_config.c:52:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(errbuf)) fprintf(stderr, " %s", errbuf);
data/yajl-2.1.0/perf/documents.c:1416:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    do { sz += strlen(*p); } while(*(++p));
data/yajl-2.1.0/perf/perftest.c:73:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                stat = yajl_parse(hand, (unsigned char *) *d, strlen(*d));
data/yajl-2.1.0/perf/perftest.c:83:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   (*d ? strlen(*d) : 0));
data/yajl-2.1.0/reformatter/json_reformat.c:142:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while ((a < argc) && (argv[a][0] == '-') && (strlen(argv[a]) > 1)) {
data/yajl-2.1.0/reformatter/json_reformat.c:144:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for ( i=1; i < strlen(argv[a]); i++) {
data/yajl-2.1.0/src/yajl_encode.c:69:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            print(ctx, escaped, (unsigned int)strlen(escaped));
data/yajl-2.1.0/src/yajl_encode.c:171:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            yajl_buf_append(buf, unescaped, (unsigned int)strlen(unescaped));
data/yajl-2.1.0/src/yajl_gen.c:133:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sep != NULL) g->print(g->ctx, sep, strlen(sep));
data/yajl-2.1.0/src/yajl_gen.c:160:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         (unsigned int)strlen(g->indentString));        \
data/yajl-2.1.0/src/yajl_gen.c:214:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g->print(g->ctx, i, (unsigned int)strlen(i));
data/yajl-2.1.0/src/yajl_gen.c:234:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strspn(i, "0123456789-") == strlen(i)) {
data/yajl-2.1.0/src/yajl_gen.c:237:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g->print(g->ctx, i, (unsigned int)strlen(i));
data/yajl-2.1.0/src/yajl_gen.c:278:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g->print(g->ctx, "null", strlen("null"));
data/yajl-2.1.0/src/yajl_gen.c:290:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g->print(g->ctx, val, (unsigned int)strlen(val));
data/yajl-2.1.0/src/yajl_parser.c:87:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memneeded += strlen(errorType);
data/yajl-2.1.0/src/yajl_parser.c:88:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memneeded += strlen(" error");
data/yajl-2.1.0/src/yajl_parser.c:90:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memneeded += strlen(": ");
data/yajl-2.1.0/src/yajl_parser.c:91:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memneeded += strlen(errorText);
data/yajl-2.1.0/src/yajl_parser.c:102:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat((char *) str, "\n");
data/yajl-2.1.0/src/yajl_parser.c:132:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                YA_MALLOC(&(hand->alloc), (unsigned int)(strlen((char *) str) +
data/yajl-2.1.0/src/yajl_parser.c:133:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                         strlen((char *) text) +
data/yajl-2.1.0/src/yajl_parser.c:134:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                         strlen(arrow) + 1));
data/yajl-2.1.0/src/yajl_tree.c:314:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen(v->u.number.r));
data/yajl-2.1.0/src/yajl_tree.c:437:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen (input));
data/yajl-2.1.0/src/yajl_tree.c:443:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(input));
data/yajl-2.1.0/test/parsing/yajl_test.c:205:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (j=0;j<(int)strlen(argv[i]);j++) {
data/yajl-2.1.0/verify/json_verify.c:51:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while ((a < argc) && (argv[a][0] == '-') && (strlen(argv[a]) > 1)) {
data/yajl-2.1.0/verify/json_verify.c:53:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for ( i=1; i < strlen(argv[a]); i++) {
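
The seven level-4 hits are all in yajl_parser.c's error-string rendering, and the report itself shows why they need triage rather than a reflex fix: lines 87-91 accumulate memneeded from the same fragments (errorType, " error", ": ", errorText) that lines 96-102 then strcat, and lines 132-134 size the second allocation from strlen(str) + strlen(text) + strlen(arrow) + 1 before lines 137-139 concatenate exactly those three. The risk with that pattern is drift: a later edit that adds a fragment to the concatenation without updating the size sum. The example below is added here and is not yajl's code; it reproduces the allocate-then-concatenate shape with hypothetical names and replaces the strcat chains with snprintf bounded by the computed size, so a mismatch between the format and the size arithmetic fails closed instead of overflowing.

```c
/* Added example, not code from yajl: the allocate-then-concatenate pattern
 * behind the level-4 strcat hits in yajl_parser.c, with the bound enforced at
 * the write as well as at the size computation. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build "<type> error[: <text>]\n" into a freshly malloc'd buffer.
 * Returns NULL on allocation failure or if the size bookkeeping is wrong;
 * the caller frees the result. */
char *render_error(const char *error_type, const char *error_text)
{
    /* The same terms the report shows being summed into memneeded. */
    size_t needed = strlen(error_type) + strlen(" error") + strlen("\n") + 1;
    if (error_text != NULL)
        needed += strlen(": ") + strlen(error_text);

    char *str = malloc(needed);
    if (str == NULL)
        return NULL;

    int n = (error_text != NULL)
        ? snprintf(str, needed, "%s error: %s\n", error_type, error_text)
        : snprintf(str, needed, "%s error\n", error_type);

    /* A result >= needed means the format and the size computation disagree:
     * fail closed rather than hand back a truncated message. */
    if (n < 0 || (size_t)n >= needed) {
        free(str);
        return NULL;
    }
    return str;
}

/* Append the offending input line and a caret marker, as the second strcat
 * cluster does. Takes ownership of str and returns a new buffer (or NULL). */
char *append_context(char *str, const char *text, const char *arrow)
{
    size_t needed = strlen(str) + strlen(text) + strlen(arrow) + 1;
    char *out = malloc(needed);
    if (out == NULL) {
        free(str);
        return NULL;
    }
    int n = snprintf(out, needed, "%s%s%s", str, text, arrow);
    free(str);
    if (n < 0 || (size_t)n >= needed) {
        free(out);
        return NULL;
    }
    return out;
}

/* Returns 1 if rendering (type, text) plus the optional (ctx_text, arrow)
 * yields exactly `expected`; lets callers check results without managing
 * the allocation themselves. */
int error_string_equals(const char *type, const char *text,
                        const char *ctx_text, const char *arrow,
                        const char *expected)
{
    char *s = render_error(type, text);
    if (s != NULL && ctx_text != NULL)
        s = append_context(s, ctx_text, arrow);
    int ok = (s != NULL && strcmp(s, expected) == 0);
    free(s);
    return ok;
}

int main(void)
{
    /* Constructed sample input, modelled on the message shape the report implies. */
    char *s = render_error("parse", "invalid token");
    if (s == NULL)
        return 1;
    s = append_context(s, "  {\"a\": 1 x}\n", "             ^\n");
    if (s == NULL)
        return 1;
    fputs(s, stdout);
    free(s);
    return 0;
}
```

The point for triage is the check after each snprintf: with strcat the only guard is the size arithmetic done earlier in the function, whereas here an oversized result is detected at the write and reported to the caller.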

ANALYSIS SUMMARY:

Hits = 59
Lines analyzed = 6013 in approximately 0.26 seconds (23240 lines/second)
Physical Source Lines of Code (SLOC) = 4426
Hits@level = [0]  49 [1]  29 [2]  23 [3]   0 [4]   7 [5]   0
Hits@level+ = [0+] 108 [1+]  59 [2+]  30 [3+]   7 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 24.4013 [1+] 13.3303 [2+] 6.77813 [3+] 1.58156 [4+] 1.58156 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
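
The level-2 hits at yajl_gen.c:211-237 (char i[32], sprintf "%lld", sprintf "%.20g", strcat ".0") are the kind flawfinder itself marks as low risk because the source has a constant maximum length, and the review step is simply to confirm that bound: "%lld" of LLONG_MIN is 20 characters; "%.20g" is at most 26 characters in fixed notation (sign, "0.000", 20 significant digits) and 27 in exponent notation (sign, 20 digits, a point, "e-308"); an appended ".0" only applies to digit-only output, which is at most 21 characters. All of these fit in 32 with the terminator. The example below is added here and is not yajl's code; it shows the same formatting done with snprintf and an explicit fit check, with hypothetical names, so the bound is verified at runtime rather than by hand.

```c
/* Added example, not code from yajl: bounds-checked versions of the number
 * formatting flagged at yajl_gen.c:211-237. NUMBUF mirrors the char i[32]
 * in the report; the function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <float.h>

#define NUMBUF 32

/* "%lld" worst case: LLONG_MIN, sign plus 19 digits = 20 characters.
 * Returns the length written, or -1 if it would not fit in `size`. */
int fmt_integer(char *buf, size_t size, long long v)
{
    int n = snprintf(buf, size, "%lld", v);
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

/* "%.20g" worst case: 26 characters in fixed notation, 27 with an exponent.
 * Integral-looking output gets ".0" appended (the same strspn test the report
 * shows at yajl_gen.c:234) so it reads back as a double, but only if the two
 * extra bytes and the terminator still fit. */
int fmt_double(char *buf, size_t size, double v)
{
    int n = snprintf(buf, size, "%.20g", v);
    if (n < 0 || (size_t)n >= size)
        return -1;
    if (strspn(buf, "0123456789-") == (size_t)n) {
        if ((size_t)n + 2 >= size)
            return -1;
        memcpy(buf + n, ".0", 3); /* two characters plus the NUL */
        n += 2;
    }
    return n;
}

/* Helpers that format into a NUMBUF-sized buffer and report the outcome,
 * so callers can check results without declaring buffers themselves. */
int integer_formats_as(long long v, const char *expected)
{
    char buf[NUMBUF];
    return fmt_integer(buf, sizeof buf, v) >= 0 && strcmp(buf, expected) == 0;
}

int double_formats_as(double v, const char *expected)
{
    char buf[NUMBUF];
    return fmt_double(buf, sizeof buf, v) >= 0 && strcmp(buf, expected) == 0;
}

/* Length of the formatted double when limited to `size` bytes (capped at
 * NUMBUF), or -1 if it does not fit: exercises the truncation path. */
int double_format_len(double v, size_t size)
{
    char buf[NUMBUF];
    if (size > sizeof buf)
        size = sizeof buf;
    return fmt_double(buf, size, v);
}

int main(void)
{
    char buf[NUMBUF];
    if (fmt_integer(buf, sizeof buf, LLONG_MIN) < 0)
        return 1;
    printf("%s\n", buf);
    if (fmt_double(buf, sizeof buf, -DBL_MAX) < 0)
        return 1;
    printf("%s\n", buf);
    if (fmt_double(buf, sizeof buf, 7.0) < 0)
        return 1;
    printf("%s\n", buf);
    return 0;
}
```

The two yajl_tree.c hits need a different check. Line 55 is a macro that forwards __VA_ARGS__ to snprintf, so the format string is whatever each call site passes; the report does not show those call sites, and triage means confirming each one uses a string literal. Line 29, `#define snprintf sprintf_s`, is presumably the MSVC build: sprintf_s does not truncate like C99 snprintf but invokes the invalid parameter handler on an oversized result and returns -1, so the macro changes the failure mode on that platform without introducing an overflow.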