wine-git/include/tchar.h:204: [3] - (tmpfile) tmpnam: Temporary file race condition.
wine-git/dlls/cryptnet/tests/cryptnet.c:257: [2] - (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g. older System V systems).
wine-git/include/msvcrt/stdio.h:246: [3] - (tmpfile) tempnam: Temporary file race condition.
wine-git/include/tchar.h:176: [4] - (tmpfile) mktemp: Temporary file race condition.
wine-git/dlls/kernel32/tests/loader.c:253: [3] - (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g. if run as SYSTEM in many versions of Windows).
wine-git/dlls/kernel32/process.c:2024: [4] - (shell) WinExec: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/dlls/advapi32/security.c:1940: [4] - (shell) system: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/dlls/shell32/tests/shlexec.c:114: [4] - (shell) ShellExecute: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/include/msvcrt/stdio.h:245: [4] - (shell) popen: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/include/msvcrt/process.h:123: [4] - (shell) execv: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/dlls/secur32/dispatcher.c:104: [4] - (shell) execvp: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/dlls/gdi32/printdrv16.c:360: [4] - (shell) execl: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/programs/winedbg/gdbproxy.c:2155: [4] - (shell) execlp: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/include/msvcrt/process.h:134: [4] - (shell) execle: This causes a new program to execute and is difficult to use safely. Try using a library call that implements the same functionality if available.
wine-git/programs/winedbg/tgt_active.c:739: [3] - (shell) CreateProcess: This causes a new process to execute and is difficult to use safely. Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
wine-git/include/winbase.h:1382: [3] - (shell) CreateProcessAsUser: This causes a new process to execute and is difficult to use safely. Especially watch out for embedded spaces.
wine-git/programs/winemine/main.c:555: [3] - (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation. Use a more secure technique for acquiring random values.
wine-git/dlls/winecoreaudio.drv/audio.c:651: [3] - (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. Use a more secure technique for acquiring random values.
wine-git/libs/wine/mmap.c:124: [2] - (race) vfork: On some old systems vfork() permits race conditions, and it's very difficult to use correctly. Use fork() instead.
wine-git/dlls/kernel32/volume.c:91: [5] - (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.
wine-git/tools/winegcc/utils.c:201: [5] - (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
wine-git/dlls/advapi32/lsa.c:151: [4] - (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g. by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g. using setuid()) and try to open the file directly.
wine-git/dlls/avicap32/avicap32_main.c:116: [1] - (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else.
wine-git/server/request.c:647: [1] - (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer() and nanosleep() is unspecified. Use nanosleep(2) or setitimer(2) instead.
wine-git/dlls/advapi32/tests/security.c:2362: [5] - (misc) SetSecurityDescriptorDacl: Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access.
wine-git/dlls/advapi32/crypt.c:2289: [2] - (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g. device files), move things around to create a race condition, control its ancestors, or change its contents?
wine-git/dlls/kernel32/tests/loader.c:435: [3] - (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used. Use registry entry or GetWindowsDirectory to find library path if you aren't already.
wine-git/dlls/atl/atl_main.c:80: [3] - (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
wine-git/tools/wrc/writeres.c:53: [2] - (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g. device files), move things around to create a race condition, control its ancestors, or change its contents?
wine-git/dlls/advapi32/service.c:2259: [3] - (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
wine-git/include/winbase.h:1268: [3] - (misc) AddAccessAllowedAce: This doesn't set the inheritance bits in the access control entry (ACE) header. Make sure that you set inheritance by hand if you wish it to inherit.
wine-git/include/msvcrt/stdio.h:228: [4] - (format) vwprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/include/tchar.h:214: [4] - (format) _vtprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/include/msvcrt/stdio.h:227: [4] - (format) vswprintf: Potential format string problem. Make format string constant.
wine-git/include/msvcrt/stdio.h:190: [4] - (format) vsprintf: Potential format string problem. Make format string constant.
wine-git/include/tchar.h:212: [4] - (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification.
wine-git/tools/winegcc/utils.c:87: [4] - (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification.
wine-git/include/msvcrt/stdio.h:189: [4] - (format) vprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/include/tchar.h:211: [4] - (format) vfwprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/include/tchar.h:211: [4] - (format) _vftprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/dlls/ntdll/server.c:118: [4] - (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/include/msvcrt/wchar.h:348: [4] - (format) swprintf: Potential format string problem. Make format string constant.
wine-git/programs/winefile/winefile.c:2049: [4] - (format) _stprintf: Potential format string problem. Make format string constant.
wine-git/tools/widl/parser.tab.c:5715: [4] - (format) sprintf: Potential format string problem. Make format string constant.
wine-git/include/tchar.h:98: [4] - (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification.
wine-git/dlls/dinput/joystick_linuxinput.c:233: [4] - (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification.
wine-git/include/wine/port.h:134: [4] - (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification.
wine-git/dlls/msvcrt/tests/printf.c:655: [4] - (format) printf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/include/tchar.h:73: [4] - (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/dlls/msi/cond.tab.c:854: [4] - (format) fprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
wine-git/dlls/wintrust/tests/crypt.c:348: [4] - (crypto) crypt: Function crypt is a poor one-way hashing algorithm; since it only accepts passwords of 8 characters or less and only a two-byte salt, it is excessively vulnerable to dictionary attacks given today's faster computing equipment. Use a different algorithm, such as SHA-1, with a larger non-repeating salt.
wine-git/include/msvcrt/stdio.h:230: [4] - (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
wine-git/programs/taskmgr/perfdata.c:396: [1] - (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers.
wine-git/include/tchar.h:121: [1] - (buffer) wcslen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected).
wine-git/include/msvcrt/string.h:112: [4] - (buffer) wcscpy: Does not check for buffer overflows when copying to destination. Consider using a function version that stops copying at the end of the buffer.
wine-git/include/tchar.h:108: [4] - (buffer) wcscat: Does not check for buffer overflows when concatenating to destination.
wine-git/dlls/msvcrt/tests/printf.c:510: [2] - (buffer) wchar_t: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
wine-git/include/tchar.h:213: [4] - (buffer) vswprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
wine-git/include/tchar.h:213: [4] - (buffer) _vstprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
wine-git/dlls/ntdll/string.c:809: [4] - (buffer) vsscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
wine-git/include/tchar.h:213: [4] - (buffer) vsprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
wine-git/include/tchar.h:187: [4] - (buffer) _tscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
wine-git/include/tchar.h:131: [1] - (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers.
wine-git/include/tchar.h:124: [1] - (buffer) _tcsncat: Easily used incorrectly (e.g. incorrectly computing the correct maximum size to add). Consider strlcat or automatically resizing strings.
wine-git/include/tchar.h:121: [1] - (buffer) _tcslen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected).
wine-git/programs/regedit/childwnd.c:126: [4] - (buffer) _tcscpy: Does not check for buffer overflows when copying to destination. Consider using a function version that stops copying at the end of the buffer.
wine-git/programs/taskmgr/procpage.c:208: [2] - (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination. Risk is low because the source is a constant string.
wine-git/include/tchar.h:99: [4] - (buffer) swprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
wine-git/dlls/comctl32/tests/treeview.c:406: [1] - (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers. Risk is low because the source is a constant string.
wine-git/tools/winedump/debug.c:711: [1] - (buffer) strncat: Easily used incorrectly (e.g. incorrectly computing the correct maximum size to add). Consider strlcat or automatically resizing strings.
wine-git/dlls/advapi32/cred.c:579: [1] - (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected).
wine-git/tools/wrc/utils.c:190: [4] - (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning: strncpy is easily misused).
wine-git/dlls/comctl32/rebar.c:304: [2] - (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning: strncat is easily misused). Risk is low because the source is a constant string.
wine-git/programs/winefile/winefile.h:157: [4] - (buffer) _stprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
wine-git/dlls/d3dxof/d3dxof.c:394: [4] - (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
wine-git/dlls/kernel32/oldconfig.c:412: [1] - (buffer) sscanf: It's unclear if the %s limit in the format string is small enough. Check that the limit is sufficiently small, or use a different input function.
wine-git/dlls/riched20/para.c:411: [1] - (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source is a constant character.
wine-git/tools/wrc/wrc.c:224: [4] - (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
wine-git/include/msvcrt/stdio.h:180: [4] - (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
wine-git/programs/winedbg/source.c:151: [3] - (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally. Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
wine-git/dlls/advapi32/crypt.c:2292: [1] - (buffer) read: Check buffer boundaries if used in a loop.
wine-git/dlls/crypt32/tests/sip.c:187: [1] - (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes. Risk is very low; the length appears to be in characters, not bytes.
wine-git/dlls/msxml3/tests/saxreader.c:143: [5] - (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes. Risk is high; it appears that the size is given as bytes, but the function requires size as characters.
wine-git/dlls/advapi32/advapi.c:88: [2] - (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes.
wine-git/dlls/advapi32/cred.c:1041: [2] - (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data.
wine-git/include/tchar.h:131: [1] - (buffer) _mbsnbcpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers.
wine-git/dlls/msvcrt/mbcs.c:1318: [1] - (buffer) _mbsnbcat: Easily used incorrectly (e.g. incorrectly computing the correct maximum size to add). Consider strlcat or automatically resizing strings.
wine-git/include/tchar.h:110: [1] - (buffer) _mbslen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected).
wine-git/dlls/msvcrt/mbcs.c:806: [4] - (buffer) _mbscpy: Does not check for buffer overflows when copying to destination. Consider using a function version that stops copying at the end of the buffer.
wine-git/include/tchar.h:108: [4] - (buffer) _mbscat: Does not check for buffer overflows when concatenating to destination.
wine-git/include/winbase.h:2225: [1] - (buffer) lstrcpyn: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers.
wine-git/programs/winhlp32/winhelp.c:608: [4] - (buffer) lstrcpy: Does not check for buffer overflows when copying to destination. Consider using a function version that stops copying at the end of the buffer.
wine-git/dlls/advpack/tests/advpack.c:154: [2] - (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination. Risk is low because the source is a constant string.
wine-git/dlls/setupapi/tests/misc.c:218: [1] - (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination. Risk is low because the source is a constant character.
wine-git/dlls/msi/tests/db.c:1307: [4] - (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination.
wine-git/include/tchar.h:77: [5] - (buffer) _getts: Does not check for buffer overflows. Use fgets() instead.
wine-git/include/tchar.h:75: [1] - (buffer) _gettc: Check buffer boundaries if used in a loop.
wine-git/include/msvcrt/stdio.h:171: [5] - (buffer) gets: Does not check for buffer overflows. Use fgets() instead.
wine-git/tools/wrc/wrc.c:173: [3] - (buffer) getopt: Some older implementations do not protect against internal buffer overflows. Check implementation on installation, or limit the size of all string inputs.
wine-git/include/wine/port.h:277: [3] - (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows. Check implementation on installation, or limit the size of all string inputs.
wine-git/tools/winegcc/winegcc.c:437: [3] - (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once. Check environment variables carefully before using them.
wine-git/include/msvcrt/stdio.h:170: [1] - (buffer) getchar: Check buffer boundaries if used in a loop.
wine-git/tools/wrc/parser.yy.c:1047: [1] - (buffer) getc: Check buffer boundaries if used in a loop.
wine-git/include/tchar.h:74: [4] - (buffer) _ftscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
wine-git/include/msvcrt/stdio.h:164: [4] - (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
wine-git/tools/winedump/main.c:144: [1] - (buffer) fscanf: It's unclear if the %s limit in the format string is small enough. Check that the limit is sufficiently small, or use a different input function.
wine-git/dlls/msvcrt/tests/file.c:103: [1] - (buffer) fgetc: Check buffer boundaries if used in a loop.
wine-git/programs/winecfg/audio.c:550: [2] - (buffer) CopyMemory: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data.
wine-git/tools/wrc/writeres.c:51: [2] - (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
wine-git/dlls/msvcrt/file.c:1997: [1] - (access) umask: Ensure that umask is given the most restrictive possible setting (e.g. 066 or 077).
wine-git/dlls/advapi32/security.c:731: [4] - (access) SetThreadToken: If this call fails, the program could fail to drop heightened privileges. Make sure the return value is checked, and do not continue if a failure is reported.
wine-git/dlls/rpcrt4/rpc_binding.c:1050: [4] - (access) RpcImpersonateClient: If this call fails, the program could fail to drop heightened privileges. Make sure the return value is checked, and do not continue if a failure is reported.
wine-git/include/sspi.h:789: [4] - (access) ImpersonateSecurityContext: If this call fails, the program could fail to drop heightened privileges. Make sure the return value is checked, and do not continue if a failure is reported.
wine-git/dlls/advapi32/security.c:1431: [4] - (access) ImpersonateNamedPipeClient: If this call fails, the program could fail to drop heightened privileges. Make sure the return value is checked, and do not continue if a failure is reported.
wine-git/programs/taskmgr/perfdata.c:292: [4] - (access) ImpersonateLoggedOnUser: If this call fails, the program could fail to drop heightened privileges. Make sure the return value is checked, and do not continue if a failure is reported.
wine-git/dlls/user32/dde_client.c:1429: [4] - (access) ImpersonateDdeClientWindow: If this call fails, the program could fail to drop heightened privileges. Make sure the return value is checked, and do not continue if a failure is reported.
wine-git/include/objbase.h:400: [4] - (access) CoImpersonateClient: If this call fails, the program could fail to drop heightened privileges. Make sure the return value is checked, and do not continue if a failure is reported.

- Flawfinder version 1.26, (C) 2001-2004 David A. Wheeler.
- Number of dangerous functions in C/C++ ruleset: 158
- Hits = 16350
- Hits/KSLOC@level+ = [0+] 8.85767 [1+] 8.85767 [2+] 7.15711 [3+] 2.40701 [4+] 1.46815 [5+] 0.0157109
- Hits@level = [0] 0 [1] 3139 [2] 8768 [3] 1733 [4] 2681 [5] 29
- Hits@level+ = [0+] 16350 [1+] 16350 [2+] 13211 [3+] 4443 [4+] 2710 [5+] 29
- Lines analyzed = 2450790 in 97.34 seconds (25307 lines/second)
- Minimum risk level = 1
- Not every hit is necessarily a security vulnerability.
- Physical Source Lines of Code (SLOC) = 1845858
- There may be other security vulnerabilities; review your code!