Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yorick-ml4-0.6.0/ml4.c
Examining data/yorick-ml4-0.6.0/ml4.h

FINAL RESULTS:

data/yorick-ml4-0.6.0/ml4.c:172:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(message,"%s could not be opened because of reason %d",fullname,errno);;
data/yorick-ml4-0.6.0/ml4.c:176:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(matfile[i],fullname);
data/yorick-ml4-0.6.0/ml4.c:263:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(matfile[i],fullname);
data/yorick-ml4-0.6.0/ml4.c:770:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(a->value.q[varnum],"%30s  %s array [%d,%d]",varname,   \
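The four level-4 hits above share one root cause: an unbounded write into a fixed-size buffer. The one at ml4.c:172 is the clearest case, since the report shows `message` is 100 bytes and `fullname` 256, so a long file name plus the fixed format text cannot fit. The following is an added example, not code from ml4.c: it keeps the identifiers and sizes the report prints (`message`, `fullname`, `matfile`, 100, 256) and shows the bounded replacements Flawfinder recommends, with the truncation check that `snprintf` makes possible and a `strcpy` replacement that refuses over-long names instead of silently cutting them. The function names and the sample inputs are constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Sizes as reported by Flawfinder for ml4.c:80 and ml4.c:82; re-declared here
 * for the example, not taken from the project's code. */
#define FULLNAME_SIZE 256
#define MESSAGE_SIZE  100

/* Pattern flagged at ml4.c:172, for contrast only (never run with a long name):
 *   sprintf(message, "%s could not be opened because of reason %d", fullname, errno);
 * A 255-character name alone exceeds the 100-byte destination. */

/* Hardened form (assumed name): snprintf bounds the write and returns the
 * length the full string WOULD have had, so truncation is detectable.
 * Returns 1 if the whole message fit, 0 if it was truncated or failed. */
int format_open_error(char *message, size_t msg_size, const char *fullname, int err)
{
    int n = snprintf(message, msg_size,
                     "%s could not be opened because of reason %d", fullname, err);
    if (n < 0) {            /* encoding error: leave a valid empty string */
        message[0] = '\0';
        return 0;
    }
    return (size_t)n < msg_size;
}

/* Bounded replacement (assumed name) for strcpy(matfile[i], fullname):
 * scans at most dst_size bytes for the terminator, refuses names that would
 * not fit, and always leaves dst NUL-terminated. Returns 1 on success. */
int copy_name(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {      /* no terminator within dst_size: would overflow */
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 1;
}

/* Constructed input: a short path fits comfortably in the 100-byte message. */
int demo_short_fits(void)
{
    char message[MESSAGE_SIZE];
    return format_open_error(message, sizeof message, "data.mat", ENOENT);
}

/* Constructed input: a name that fills the 256-byte fullname buffer. With
 * sprintf this would overrun message; with snprintf the result is reported as
 * truncated and message is still a valid 99-character string. */
int demo_long_truncated(void)
{
    char fullname[FULLNAME_SIZE];
    char message[MESSAGE_SIZE];
    int ok;

    memset(fullname, 'A', sizeof fullname - 1);
    fullname[sizeof fullname - 1] = '\0';
    ok = format_open_error(message, sizeof message, fullname, ENOENT);
    return !ok && strlen(message) == MESSAGE_SIZE - 1;
}
```

Two practical notes. First, read `errno` into a local before calling the formatting function, because `snprintf` itself may change `errno`; the original hit passes `errno` as a direct argument, which is only safe if nothing between the failed `fopen` and the format call touches it. Second, the `strcpy(matfile[i], fullname)` hits copy between two 256-byte buffers, so they only overflow if `fullname` is not NUL-terminated; the bounded copy above makes that case fail loudly rather than read past the source.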
data/yorick-ml4-0.6.0/ml4.c:79:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char matfile[MAXFILES][256]={{0}};
data/yorick-ml4-0.6.0/ml4.c:80:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fullname[256]={0};
data/yorick-ml4-0.6.0/ml4.c:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tempvarname[256] = {0};
data/yorick-ml4-0.6.0/ml4.c:82:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char message[100];
data/yorick-ml4-0.6.0/ml4.c:171:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fs=fopen(fullname,mode))==NULL) {
data/yorick-ml4-0.6.0/ml4.c:258:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fs=fopen(fullname,"r"))==NULL) {
data/yorick-ml4-0.6.0/ml4.c:422:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(message,"Unknown type %d",type);
data/yorick-ml4-0.6.0/ml4.c:586:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[82];
data/yorick-ml4-0.6.0/ml4.c:589:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd=fopen(file,"rt");
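The three `fopen` hits (ml4.c:171, 258 and 589) all carry the same CWE-362 text: can the path be redirected through a symlink, point at a device, or be swapped out between a check and the open? The following is an added example, not code from ml4.c, showing one way to open a path for reading that refuses symlinks and non-regular files and detects a swap between the pre-check and the open. It uses `lstat` before, `O_NOFOLLOW` where the platform defines it, and an `fstat` on the opened descriptor compared against the `lstat` result, so a race does not go unnoticed. The function names are assumptions, and the demo constructs its own temporary file and symlink.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open PATH read-only only if it is a regular file reached without following
 * a symlink (assumed name). Returns a FILE* or NULL with errno set.
 * lstat() rejects links and devices up front; open() adds O_NOFOLLOW where
 * available; fstat() on the descriptor is compared with the lstat() result so
 * a path swapped in between the two calls (the CWE-362 race) is detected
 * rather than silently opening whatever now sits at that name. */
FILE *fopen_regular_nofollow(const char *path)
{
    struct stat before, after;
    int flags = O_RDONLY;
    int fd;
    FILE *fs;

    if (lstat(path, &before) != 0)
        return NULL;
    if (S_ISLNK(before.st_mode)) { errno = ELOOP; return NULL; }
    if (!S_ISREG(before.st_mode)) { errno = EINVAL; return NULL; }
#ifdef O_NOFOLLOW
    flags |= O_NOFOLLOW;
#endif
#ifdef O_CLOEXEC
    flags |= O_CLOEXEC;
#endif
    fd = open(path, flags);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);          /* not the same regular file we checked */
        errno = EINVAL;
        return NULL;
    }
    fs = fdopen(fd, "r");
    if (fs == NULL)
        close(fd);
    return fs;
}

/* Constructed scenario: a regular file holding "hello", a symlink to it, and
 * a device node. Returns 1 when the regular file opens and reads back its
 * contents while the symlink and the device are both refused. */
int demo_nofollow(void)
{
    char regular[] = "/tmp/ml4_demo_XXXXXX";
    char link[sizeof regular + 4];
    char buf[16];
    FILE *fs, *bad;
    int fd, ok = 1;

    fd = mkstemp(regular);
    if (fd < 0)
        return 0;
    if (write(fd, "hello", 5) != 5)
        ok = 0;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", regular);
    if (symlink(regular, link) != 0) { unlink(regular); return 0; }

    fs = fopen_regular_nofollow(regular);            /* plain file: accepted */
    if (fs == NULL || fgets(buf, sizeof buf, fs) == NULL || strcmp(buf, "hello") != 0)
        ok = 0;
    if (fs)
        fclose(fs);

    bad = fopen_regular_nofollow(link);              /* symlink: refused */
    if (bad) { ok = 0; fclose(bad); }
    bad = fopen_regular_nofollow("/dev/null");       /* device: refused */
    if (bad) { ok = 0; fclose(bad); }

    unlink(link);
    unlink(regular);
    return ok;
}
```

Whether rejecting symlinks is the right policy depends on the caller: for a data file the user names explicitly it may be too strict, and the `fstat` identity check alone is the part that closes the race. For a path built from attacker-influenced input, or one opened with a write mode as at ml4.c:171, refusing links and non-regular files is the safer default.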
data/yorick-ml4-0.6.0/ml4.c:619:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char varname[80];
data/yorick-ml4-0.6.0/ml4.c:620:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[200];
data/yorick-ml4-0.6.0/ml4.c:667:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(string,"Precision specification not available");
data/yorick-ml4-0.6.0/ml4.c:711:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char varname[80];
data/yorick-ml4-0.6.0/ml4.c:763:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(message,"Unknown data type %d",type);
data/yorick-ml4-0.6.0/ml4.c:869:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char Swapped[16];
data/yorick-ml4-0.6.0/ml4.c:203:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen=strlen(varname)+1;
data/yorick-ml4-0.6.0/ml4.c:231:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  err = matout(filename,varname,string,1,strlen(string),'t',mode,'L');
data/yorick-ml4-0.6.0/ml4.c:415:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (DEBUG) printf("strlen: %d\n",strlen((void *)a->value.q[0]));
data/yorick-ml4-0.6.0/ml4.c:592:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(p,variable,strlen(variable))) continue;
data/yorick-ml4-0.6.0/ml4.c:821:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n1 = strlen(var);
data/yorick-ml4-0.6.0/ml4.c:826:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n2 = strlen(match);

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 972 in approximately 0.04 seconds (24511 lines/second)
Physical Source Lines of Code (SLOC) = 689
Hits@level = [0]  43 [1]   6 [2]  15 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  68 [1+]  25 [2+]  19 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 98.6938 [1+] 36.2845 [2+] 27.5762 [3+] 5.80552 [4+] 5.80552 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.