From 202bf127dc6d96dce57213ea082fda111a9dcb75 Mon Sep 17 00:00:00 2001
From: "David A. Wheeler"
Date: Sat, 12 Jul 2014 12:25:59 -0400
Subject: [PATCH] Handle unbalanced double-quotes in sprintf - Handle unbalanced double-quotes. This is a compilation error, but we can handle it more gracefully.
---
 flawfinder | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/flawfinder b/flawfinder
index 81a7e37..9f43449 100755
--- a/flawfinder
+++ b/flawfinder
@@ -559,7 +559,15 @@ p_dangerous_sprintf_format = re.compile(r'%-?([0-9]+|\*)?s')
 # sprintf has both buffer and format vulnerabilities.
 def c_sprintf(hit):
 source_position = hit.source_position
- if source_position <= len(hit.parameters)-1:
+ if hit.parameters is None:
+ # Serious parameter problem, e.g., none, or a string constant that
+ # never finishes.
+ hit.warning = "format string parameter problem"
+ hit.suggestion = "Check if required parameters present and quotes close."
+ hit.level = 4
+ hit.category = "format"
+ hit.url = ""
+ elif source_position <= len(hit.parameters)-1:
 source=hit.parameters[source_position]
 if c_singleton_string(source):
 hit.level = 1
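Review bot: The new `hit.parameters is None` guard exists only in `c_sprintf`, so any other hook that calls `len(hit.parameters)` or indexes it would presumably still raise on the same unterminated-string input. For a scanner, an exception on one malformed call can mean the rest of the input goes unexamined and findings are silently missing. Consider handling the None case once, where the parameters are extracted or in a small shared helper, and stating the contract there with a comment such as `# hit.parameters is None when the argument list could not be parsed (e.g. an unclosed string literal)`. The diffstat shows only `flawfinder` changed, so a regression sample with a `sprintf` call containing an unclosed double-quote would be worth adding alongside the fix. The body of `c_sprintf` continues past this hunk, so whether the None branch reaches the code that records the hit cannot be confirmed from here.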