Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yforth-0.2.1/block.c
Examining data/yforth-0.2.1/block.h
Examining data/yforth-0.2.1/blocke.c
Examining data/yforth-0.2.1/blocke.h
Examining data/yforth-0.2.1/config.h
Examining data/yforth-0.2.1/core.c
Examining data/yforth-0.2.1/core.h
Examining data/yforth-0.2.1/coree.c
Examining data/yforth-0.2.1/coree.h
Examining data/yforth-0.2.1/defaults.h
Examining data/yforth-0.2.1/division.c
Examining data/yforth-0.2.1/double.c
Examining data/yforth-0.2.1/double.h
Examining data/yforth-0.2.1/doublee.c
Examining data/yforth-0.2.1/doublee.h
Examining data/yforth-0.2.1/errors.h
Examining data/yforth-0.2.1/exceptio.c
Examining data/yforth-0.2.1/exceptio.h
Examining data/yforth-0.2.1/facility.c
Examining data/yforth-0.2.1/facility.h
Examining data/yforth-0.2.1/file.c
Examining data/yforth-0.2.1/file.h
Examining data/yforth-0.2.1/filee.c
Examining data/yforth-0.2.1/filee.h
Examining data/yforth-0.2.1/float.c
Examining data/yforth-0.2.1/float.h
Examining data/yforth-0.2.1/floate.c
Examining data/yforth-0.2.1/floate.h
Examining data/yforth-0.2.1/locals.c
Examining data/yforth-0.2.1/locals.h
Examining data/yforth-0.2.1/localse.c
Examining data/yforth-0.2.1/localse.h
Examining data/yforth-0.2.1/macro.h
Examining data/yforth-0.2.1/memall.c
Examining data/yforth-0.2.1/memall.h
Examining data/yforth-0.2.1/search.c
Examining data/yforth-0.2.1/search.h
Examining data/yforth-0.2.1/searche.c
Examining data/yforth-0.2.1/searche.h
Examining data/yforth-0.2.1/string.c
Examining data/yforth-0.2.1/string.h
Examining data/yforth-0.2.1/tools.c
Examining data/yforth-0.2.1/tools.h
Examining data/yforth-0.2.1/toolse.c
Examining data/yforth-0.2.1/toolse.h
Examining data/yforth-0.2.1/udio.c
Examining data/yforth-0.2.1/udio.h
Examining data/yforth-0.2.1/ver.h
Examining data/yforth-0.2.1/vm.c
Examining data/yforth-0.2.1/ycore.c
Examining data/yforth-0.2.1/ycore.h
Examining data/yforth-0.2.1/yfinit.c
Examining data/yforth-0.2.1/yforth.c
Examining data/yforth-0.2.1/yforth.h
Examining data/yforth-0.2.1/yfvinit.c

FINAL RESULTS:

data/yforth-0.2.1/filee.c:61:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(file_name2, file_name);
data/yforth-0.2.1/ycore.c:78:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  *sp = system(s_tmp_buffer);
data/yforth-0.2.1/ycore.h:45:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  code(system, "system", 0)
data/yforth-0.2.1/yfvinit.c:182:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*dp + 1, iv[i].name); /* ...and then the actual name */
data/yforth-0.2.1/block.c:127:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  block_file = fopen(name, "r+b");
data/yforth-0.2.1/block.c:128:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!block_file) block_file = fopen(name, "r+b");
data/yforth-0.2.1/core.c:1110:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s_tmp_buffer, _dp, *_dp + 1);
data/yforth-0.2.1/coree.c:161:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_dp, &vm, sizeof(struct voc_marker));
data/yforth-0.2.1/division.c:23:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen("div.h", "wt");
data/yforth-0.2.1/file.c:63:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file_name, file_mode[fam]);
data/yforth-0.2.1/file.c:132:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file_name, file_mode[fam]);
data/yforth-0.2.1/file.c:238:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_name, buffer, u);
data/yforth-0.2.1/filee.c:42:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file_name, "rb");
data/yforth-0.2.1/float.c:39:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s_tmp_buffer, s, len);
data/yforth-0.2.1/float.c:193:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[128];
data/yforth-0.2.1/float.c:206:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%0.*f", sp[0], x);
data/yforth-0.2.1/locals.c:129:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->name + 1, s, u);
data/yforth-0.2.1/ycore.c:45:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(get_file_name(), "wb");
data/yforth-0.2.1/ycore.c:50:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hd.header, "yForth? Image File\n");
data/yforth-0.2.1/ycore.c:76:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s_tmp_buffer, name, len);
data/yforth-0.2.1/yforth.c:77:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'd': dspace_size = atoi(argv[i] + 2); break;
data/yforth-0.2.1/yforth.c:78:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 's': dstack_size = atoi(argv[i] + 2); break;
data/yforth-0.2.1/yforth.c:79:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'r': rstack_size = atoi(argv[i] + 2); break;
data/yforth-0.2.1/yforth.c:80:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'f': fstack_size = atoi(argv[i] + 2); break;
data/yforth-0.2.1/yforth.c:81:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 't': tib_size = atoi(argv[i] + 2); break;
data/yforth-0.2.1/yforth.c:82:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'p': pad_size = atoi(argv[i] + 2); break;
data/yforth-0.2.1/yforth.c:126:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(name, "rb");
data/yforth-0.2.1/yforth.c:164:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  } else fopen(argv[0], "rb");
data/yforth-0.2.1/core.c:677:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getchar();
data/yforth-0.2.1/coree.c:210:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _in_input_buffer = strlen(_input_buffer);
data/yforth-0.2.1/file.c:109:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _in_input_buffer = strlen(_input_buffer);
data/yforth-0.2.1/file.c:159:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buffer);
data/yforth-0.2.1/file.c:245:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *--sp = strlen(name);
data/yforth-0.2.1/filee.c:59:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  file_name2 = (Char *) malloc(strlen(file_name) + 1);
data/yforth-0.2.1/float.c:207:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((Char *) sp[1], buf + 2, sp[0]);
data/yforth-0.2.1/yfvinit.c:181:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  **dp = strlen(iv[i].name); /* first copy length... */

ANALYSIS SUMMARY:

Hits = 36
Lines analyzed = 6683 in approximately 0.22 seconds (29797 lines/second)
Physical Source Lines of Code (SLOC) = 4419
Hits@level = [0]  35 [1]   8 [2]  24 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  71 [1+]  36 [2+]  28 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 16.067 [1+] 8.14664 [2+] 6.33628 [3+] 0.905182 [4+] 0.905182 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.